(dot dot) in the SHOW parameter.ĭirectory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a. (dot dot) sequences in the mapfile parameter.ĭirectory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via "." (dot dot) sequences in the username field.ĭirectory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a. ĭirectory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via. In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when runn. (dot dot) in the filename, which is not proper. Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a.
0 kommentar(er)
