CVE-2007-0389

Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.

Publication date: Sat, 20 Jan 2007 05:28:00 +0000

Cyber News related to CVE-2007-0389

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-0389 - Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in ...
6 years ago

CVE-2005-0389 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0814. Reason: This candidate is a duplicate of CVE-2005-0814. Notes: All CVE users should reference CVE-2005-0814 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com

CVE-2014-6592 - Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2015-0389. ...
8 years ago

CVE-2015-0389 - Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592. ...
8 years ago

CVE-2001-0389 - IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. ...
16 years ago

CVE-2003-0389 - Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request ...
16 years ago

CVE-1999-0389 - Buffer overflow in the bootp server in the Debian Linux netstd package. ...
16 years ago

CVE-2010-0389 - The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token. Per: ...
14 years ago

CVE-2014-0389 - Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. ...
8 years ago

CVE-2016-0389 - Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. ...
8 years ago

CVE-2002-0389 - Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. ...
7 years ago

CVE-2017-0389 - A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: ...
7 years ago

CVE-2004-0389 - RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests. ...
9 months ago

CVE-2006-0389 - Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. ...
7 years ago

CVE-2008-0389 - Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. ...
7 years ago

CVE-2011-0389 - Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID ...
7 years ago

CVE-2012-0389 - Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the ...
7 years ago

CVE-2009-0389 - Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ...
7 years ago

CVE-2018-0389 - A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial ...
5 years ago

CVE-2000-0389 - Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. ...
4 years ago

CVE-2019-0389 - An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not ...
4 years ago

CVE-2020-0389 - In createSaveNotification of RecordingService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for ...
3 years ago

CVE-2022-0389 - The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. ...
2 years ago

CVE-2013-0389 - Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. ...
2 years ago

Latest Cyber News

CVE-2024-11858 - 3 hours ago
CVE-2024-7701 - 6 hours ago
CVE-2024-56082 - 12 hours ago
CVE-2024-56074 - 13 hours ago
CVE-2024-55969 - 13 hours ago
CVE-2024-56072 - 14 hours ago
CVE-2024-56073 - 14 hours ago
CVE-2024-55970 - 14 hours ago
CVE-2024-31892 - 1 day ago
CVE-2024-31891 - 1 day ago
CVE-2024-11721 - 1 day ago
CVE-2024-11720 - 1 day ago
CVE-2024-12446 - 1 day ago
CVE-2024-12628 - 1 day ago
CVE-2024-11711 - 1 day ago
CVE-2024-11712 - 1 day ago
CVE-2024-11713 - 1 day ago
CVE-2024-11714 - 1 day ago
CVE-2024-11715 - 1 day ago
CVE-2024-11710 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-55970 - 14 hours ago
CVE-2024-56072 - 14 hours ago
CVE-2024-56073 - 14 hours ago
CVE-2024-55969 - 13 hours ago
CVE-2024-56074 - 13 hours ago
CVE-2024-56082 - 12 hours ago
CVE-2024-7701 - 6 hours ago
CVE-2024-11858 - 3 hours ago
CVE-2022-43472 - 2 days ago
CVE-2022-44578 - 2 days ago
CVE-2022-45806 - 2 days ago
CVE-2022-45819 - 2 days ago
CVE-2022-45826 - 2 days ago
CVE-2022-45840 - 2 days ago
CVE-2022-45841 - 2 days ago
CVE-2022-46795 - 2 days ago
CVE-2022-46796 - 2 days ago
CVE-2022-46807 - 2 days ago
CVE-2022-46811 - 2 days ago
CVE-2022-46838 - 2 days ago