(dot dot) in the file parameter, followed by a filename ending with "%00" and a. allows remote attackers to read arbitrary files via a.
#Ireader 7.4.0 software#
NOTE: this might be the same issue as CVE-2005-3747.Ībsolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.ĭirectory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter.ĭirectory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1. (dot dot) in the page parameter, a different vector than CVE-2006-5773.ĭirectory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded. ĭirectory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a. Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary files via directory traversal sequences in the (1) DIR (LIST or NLST), (2) GET (RETR), and (3) PUT (ST. gSOAP is prone to a directory traversal vulnerability which allows an unauthorized attacker to read files or directories. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php.ĭirectory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '.' sequences in the $error_log variable. Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a.
#Ireader 7.4.0 update#
(dot dot) in an HTTP GET request.ĭirectory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privil. (dot dot) in the SHOW parameter.ĭirectory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a.
#Ireader 7.4.0 pro#
(dot dot) sequences in the mapfile parameter.ĭirectory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via "." (dot dot) sequences in the username field.ĭirectory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a. ĭirectory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via. In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when runn. (dot dot) in the filename, which is not proper.
#Ireader 7.4.0 archive#
Malicious apps could cause excess data usage.Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a. Using this service will incur data usage. Allows apps to accept cloud to device messages sent by the app's service.The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. Allows the app to create network sockets and use custom network protocols.Allows the app to change the state of network connectivity.Allows the app to view information about network connections such as which networks exist and are connected.Allows the app to connect to and disconnect from Wi-Fi access points and to make changes to device configuration for Wi-Fi networks.Allows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and name of connected Wi-Fi devices.
0 kommentar(er)
