Page 27 of 139 results (0.010 seconds)

CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 3

CVE-2008-4319 – Libra PHP File Manager 1.18/2.0 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2008-4319

fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. El módulo fileadmin.php en Libra File Manager (también conocido como Libra PHP File Manager) v1.18 y anteriores permite a atacantes remotos evitar la autenticación, leer ficheros arbitrarios, modificar ficheros arbitrarios y listar el contenido de directorios arbitrarios, al insertar ciertos parámetros "user" e "isadmin" en la cadena de consulta. • https://www.exploit-db.com/exploits/6567 http://www.securityfocus.com/archive/1/496742 http://www.securityfocus.com/bid/31415 https://exchange.xforce.ibmcloud.com/vulnerabilities/45423 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 2

CVE-2008-1564 – File Transfer 1.2 - Request File Directory Traversal

https://notcve.org/view.php?id=CVE-2008-1564

Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename. Vulnerabilidad de salto de directorio en Dan Costin File Transfer antes de 1.2f permite a atacantes remotos leer archivos de su elección a través de "..\" (punto punto barra invertida) en el nombre de archivo. • https://www.exploit-db.com/exploits/31536 http://secunia.com/advisories/29540 http://sourceforge.net/project/shownotes.php?group_id=178021&release_id=586923 http://sourceforge.net/tracker/index.php?func=detail&aid=1829601&group_id=178021&atid=883559 http://www.securityfocus.com/bid/28453 https://exchange.xforce.ibmcloud.com/vulnerabilities/41489 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-5454

https://notcve.org/view.php?id=CVE-2007-5454

Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. (dot dot) in the cam parameter. Vulnerabilidad de escalado de directorio en el index.php del PHP File Sharing System 1.5.1 permite a atacantes remotos listar o crear directorios de su elección, o borrar ficheros de su elección, como lo demostrado listando directorios a través de la inclusión de .. (punto punto) en el parámetro cam. • http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0343.html http://secunia.com/advisories/27257 http://www.securityfocus.com/bid/26065 https://exchange.xforce.ibmcloud.com/vulnerabilities/37193 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.1EPSS: 2%CPEs: 2EXPL: 0

CVE-2007-2799 – file integer overflow

https://notcve.org/view.php?id=CVE-2007-2799

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. Un desbordamiento de enteros en el programa "file" versión 4.20, cuando se ejecuta en sistemas de 32 bits, tal y como es usado en productos que incluyen The Sleuth Kit, podría permitir que los atacantes asistidos por el usuario ejecuten código arbitrario por medio de un archivo largo que activa un desbordamiento que omite una sentencia assert(). NOTA: este problema se debe a un parche incorrecto para CVE-2007-1536. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://osvdb.org/38498 http://secunia.com/advisories/25394 http://secunia.com/advisories/25544 http://secunia.com/advisories/25578 http://secunia.com/advisories/25931 http://secunia.com/advisories/26203 http://secunia.com/advisories/26294 http://secunia.com/advisories/26415& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 1

CVE-2007-1536 – File 4.13 - Command File_PrintF Integer Underflow

https://notcve.org/view.php?id=CVE-2007-1536

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Un subdesbordamiento de enteros en la función file_printf en el programa "file" anterior a versión 4.20, permite a los atacantes asistidos por el usuario ejecutar código arbitrario por medio de un archivo que desencadena un desbordamiento de búfer en la región heap de la memoria. • https://www.exploit-db.com/exploits/29753 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://mx.gw.com/pipermail/file/2007/000161.html http://openbsd.org/errata40.html#015_file http://secunia.com/advisories/24548 http://secunia.com/advisories/24592 http://secunia.com/advisories/24604 http://secunia.com/advisories • CWE-189: Numeric Errors •