translated path software vulnerabilities
vulnerabilities.aspcode.net
Searching translated path software vulnerabilities
Untrusted search path vulnerability in day5data
day5datacopier
|
vulnerability
|
environment
|
arbitrary
|
malicious
|
Untrusted
|
variable
|
modified
|
commands
|
execute
|
program
|
search
|
points
|
allows
|
local
|
users
|
path
|
IRIX
|
via
|
SGI
|
Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.
Jakarta Tomcat 3.1 under Apache reveals physica
information
|
generates
|
attacker
|
includes
|
requests
|
physical
|
message
|
reveals
|
Jakarta
|
Tomcat
|
remote
|
Apache
|
which
|
exist
|
under
|
error
|
path
|
does
|
not
|
URL
|
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
AIX sysback before 4.2.1.13 uses a relative pat
sysback
|
before
|
AIX
|
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
itetris/xitetris 1.6.2 and earlier trusts the P
itetris/xitetris
|
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
Webridge PX Application Suite allows remote att
information
|
Application
|
attackers
|
sensitive
|
variables
|
generates
|
malformed
|
includes
|
Webridge
|
internal
|
pathname
|
message
|
address
|
request
|
remote
|
obtain
|
allows
|
server
|
which
|
error
|
Suite
|
full
|
via
|
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
PHP, when not configured with the "display_erro
"display_errors
|
configured
|
accessible
|
directive
|
attackers
|
physical
|
modifies
|
directly
|
trailing
|
produces
|
contains
|
request
|
setting
|
program
|
message
|
include
|
allows
|
remote
|
obtain
|
causes
|
phpini
|
error
|
which
|
slash
|
fail
|
path
|
Off"
|
base
|
file
|
PHP
|
not
|
via
|
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
Buffer overflows in (1) circle_poly, (2) path_e
overflows
|
Buffer
|
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.
zenTrack 2.0.3 and earlier allows remote attack
zenTrack
|
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message.
cPanel, when compiling Apache 1.3.29 and PHP wi
compiling
|
Apache
|
cPanel
|
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
SQL injection vulnerability in userlogin.php in
vulnerability
|
userloginphp
|
injection
|
Phorum
|
SQL
|
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
phpCOIN 1.2.2 allows remote attackers to obtain
phpCOIN
|
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
MyTopix 1.2.3 allows remote attackers to obtain
MyTopix
|
MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message.
CuteNews 1.4.1 and possibly other versions allo
CuteNews
|
CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path.
Absolute path traversal vulnerability in index.
vulnerability
|
directories
|
PhP-Gallery
|
arbitrary
|
parameter
|
traversal
|
attackers
|
Absolute
|
indexphp
|
321soft
|
browse
|
allows
|
remote
|
path
|
via
|
Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.
index.php in singapore 0.10.0 and earlier allow
singapore
|
indexphp
|
index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message.
Untrusted search path vulnerability in acctctl
vulnerability
|
Untrusted
|
acctctl
|
search
|
path
|
AIX
|
IBM
|
Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
PHPmybibli
|
inclusion
|
Multiple
|
remote
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files.
PHP 5.2.0 and 4.4 allows local users to bypass
PHP
|
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
Untrusted search path vulnerability in Rumpus 5
vulnerability
|
privileges
|
Untrusted
|
malicious
|
modified
|
earlier
|
program
|
search
|
points
|
allows
|
Rumpus
|
users
|
local
|
ipfw
|
path
|
gain
|
via
|
Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.
** DISPUTED ** Multiple PHP remote file inclus
vulnerabilities
|
b2evolution
|
inclusion
|
attackers
|
arbitrary
|
DISPUTED
|
Multiple
|
execute
|
remote
|
allow
|
code
|
file
|
URL
|
via
|
PHP
|
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used.
Software vulnerabilities results 1 to 20 of 1417
Page:
1
2
3
4
5
...
71
►