CVE-2000-0919

Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Publication date: Tue, 19 Dec 2000 11:00:00 +0000

Cyber News related to CVE-2000-0919

CVE-2000-0919 - Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. ...
7 years ago

CVE-2000-0744 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0743. Reason: This candidate is a duplicate of CVE-2000-0743. Notes: All CVE users should reference CVE-2000-0743 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2008-5416 - Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 ...
6 years ago

CVE-2008-0086 - Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. ...
6 years ago

CVE-2008-0107 - Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 ...
5 years ago

CVE-2008-0085 - SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize ...
5 years ago

CVE-2021-47460 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 ...
8 months ago Tenable.com

CVE-2024-49883 - In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use ...
3 months ago Tenable.com

CVE-2025-0919 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: This candidate is a reservation duplicate of CVE-2025-0818. Notes: All CVE users should reference CVE-2025-0818 instead of this candidate. All ...
1 day ago Tenable.com

CVE-2021-0919 - In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is ...
3 years ago

CVE-2016-0919 - EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. ...
3 years ago

CVE-2002-0919 - CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page. ...
16 years ago

CVE-2013-0919 - Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window. ...
11 years ago

CVE-2015-0919 - Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. ...
10 years ago

CVE-2014-0919 - IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands ...
8 years ago

CVE-2004-0919 - The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates. ...
7 years ago

CVE-2005-0919 - Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks. ...
7 years ago

CVE-2009-0919 - XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) ...
7 years ago

CVE-2010-0919 - Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code ...
7 years ago

CVE-2012-0919 - Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified ...
7 years ago

CVE-1999-0919 - A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. ...
7 years ago

CVE-2017-0919 - GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were ...
6 years ago

CVE-2011-0919 - Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ. ...
6 years ago

CVE-2008-0919 - Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter. ...
6 years ago

CVE-2007-0919 - Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. ...
6 years ago

Latest Cyber News

Roundtable: Is DOGE Flouting Cybersecurity for US Data? - 25 minutes ago
How Public & Private Sectors Can Better Align Cyber Defense - 51 minutes ago
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware - 1 hour ago
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - 2 hours ago
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News - 3 hours ago
Burp AI - Burp Suite Now Integrate AI Powered Extension for Web Pentesting - 3 hours ago
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster - 4 hours ago
Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S - New Report - 4 hours ago
Hacker leaks account data of 12 million Zacks Investment users - 5 hours ago
APT43 Hackers Attacking Academic Institutions With Exposed Credentials - 6 hours ago
An Italian journalist speaks about being targeted with Paragon spyware | The Record from Recorded Future News - 6 hours ago
CVE-2025-25901 - 6 hours ago
CVE-2025-24904 - 6 hours ago
CVE-2025-25355 - 6 hours ago
CVE-2024-12011 - 6 hours ago
ANYRUN Safebrowsing Extension - Analyse Any Malicious URL for Free - 6 hours ago
CVE-2025-0426 - 7 hours ago
Munich Cyber Security and Security Conferences 2025 [Live Updates] | The Record from Recorded Future News - 8 hours ago
Chinese espionage tools deployed in RA World ransomware attack - 8 hours ago
CVE-2025-26580 - 8 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Roundtable: Is DOGE Flouting Cybersecurity for US Data? - 25 minutes ago
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware - 1 hour ago
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - 2 hours ago
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News - 3 hours ago
Burp AI - Burp Suite Now Integrate AI Powered Extension for Web Pentesting - 3 hours ago
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster - 4 hours ago
Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S - New Report - 4 hours ago
Hacker leaks account data of 12 million Zacks Investment users - 5 hours ago
CVE-2025-0995 - 1 day ago
CVE-2025-0996 - 1 day ago
CVE-2025-0997 - 1 day ago
CVE-2025-0998 - 1 day ago
CVE-2025-24528 - 1 day ago
CVE-2024-11343 - 1 day ago
CVE-2024-12629 - 1 day ago
CVE-2024-9870 - 1 day ago
CVE-2025-0332 - 1 day ago
CVE-2025-0516 - 1 day ago
CVE-2025-1208 - 1 day ago
CVE-2025-25349 - 1 day ago