Lista CVE - 2010 / Marzo
Visualizzazione 1 - 100 di 513 CVE per Marzo 2010 (Pagina 1 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2010-0762 | 2010-03-02 | SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. |
| CVE-2010-0763 | 2010-03-02 | SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action. |
| CVE-2010-0764 | 2010-03-02 | SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action. |
| CVE-2010-0765 | 2010-03-02 | fipsForum 2.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for _database/forumFips.mdb. |
| CVE-2010-0787 | 2010-03-02 | client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via... |
| CVE-2010-0788 | 2010-03-02 | ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. |
| CVE-2010-0789 | 2010-03-02 | fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. |
| CVE-2010-0726 | 2010-03-02 | Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related... |
| CVE-2010-0795 | 2010-03-02 | SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to... |
| CVE-2010-0796 | 2010-03-02 | SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php. |
| CVE-2010-0799 | 2010-03-02 | Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
| CVE-2010-0800 | 2010-03-02 | SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a... |
| CVE-2010-0802 | 2010-03-02 | SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view... |
| CVE-2010-0803 | 2010-03-02 | SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php. |
| CVE-2010-0804 | 2010-03-02 | Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action. |
| CVE-2010-0797 | 2010-03-02 | Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-0798 | 2010-03-02 | SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0801 | 2010-03-02 | Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the... |
| CVE-2010-0156 | 2010-03-03 | Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux... |
| CVE-2010-0205 | 2010-03-03 | The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed... |
| CVE-2010-0483 | 2010-03-03 | vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers... |
| CVE-2010-0766 | 2010-03-03 | Integer overflow in the Swap4 function in valet4.dll in Luxology Modo 401 allows user-assisted remote attackers to execute arbitrary code via a .LXO file containing a CHNL subchunk associated with... |
| CVE-2010-0917 | 2010-03-03 | Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute... |
| CVE-2010-0918 | 2010-03-03 | Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. |
| CVE-2010-0919 | 2010-03-03 | Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281... |
| CVE-2010-0921 | 2010-03-03 | Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified... |
| CVE-2010-0920 | 2010-03-03 | Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2010-0922 | 2010-03-03 | Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details... |
| CVE-2010-0923 | 2010-03-03 | Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by... |
| CVE-2010-0924 | 2010-03-03 | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a... |
| CVE-2010-0925 | 2010-03-03 | cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string... |
| CVE-2009-4656 | 2010-03-03 | Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute... |
| CVE-2009-4657 | 2010-03-03 | The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting... |
| CVE-2009-4658 | 2010-03-03 | Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by... |
| CVE-2009-4659 | 2010-03-03 | Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows user-assisted remote attackers to cause a denial of service (application crash) via a long string in a WAV file. |
| CVE-2009-4660 | 2010-03-03 | Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660. |
| CVE-2009-4661 | 2010-03-03 | Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not... |
| CVE-2009-4662 | 2010-03-03 | Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2009-4663 | 2010-03-03 | Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method. |
| CVE-2009-4664 | 2010-03-03 | Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the... |
| CVE-2009-2753 | 2010-03-05 | Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9... |
| CVE-2009-2754 | 2010-03-05 | Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9... |
| CVE-2010-0408 | 2010-03-05 | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which... |
| CVE-2010-0419 | 2010-03-05 | The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest... |
| CVE-2010-0587 | 2010-03-05 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service... |
| CVE-2010-0588 | 2010-03-05 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via... |
| CVE-2010-0590 | 2010-03-05 | The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure)... |
| CVE-2010-0591 | 2010-03-05 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via... |
| CVE-2010-0592 | 2010-03-05 | The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows... |
| CVE-2010-0927 | 2010-03-05 | Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or... |
| CVE-2009-4665 | 2010-03-05 | Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2009-4666 | 2010-03-05 | Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/EmailTemplates.class.php, (2)... |
| CVE-2009-4667 | 2010-03-05 | SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter. |
| CVE-2009-4668 | 2010-03-05 | Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of... |
| CVE-2009-4669 | 2010-03-05 | Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php,... |
| CVE-2009-4670 | 2010-03-05 | admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter. |
| CVE-2009-4671 | 2010-03-05 | Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account. |
| CVE-2009-4672 | 2010-03-05 | Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg... |
| CVE-2009-4673 | 2010-03-05 | SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter. |
| CVE-2009-4674 | 2010-03-05 | admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field. |
| CVE-2009-4675 | 2010-03-05 | admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission. |
| CVE-2009-3032 | 2010-03-05 | Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and... |
| CVE-2009-3245 | 2010-03-05 | OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and... |
| CVE-2010-0302 | 2010-03-05 | Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows... |
| CVE-2010-0393 | 2010-03-05 | The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings,... |
| CVE-2010-0425 | 2010-03-05 | modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete... |
| CVE-2010-0433 | 2010-03-05 | The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote... |
| CVE-2010-0434 | 2010-03-05 | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving... |
| CVE-2010-0570 | 2010-03-05 | Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a... |
| CVE-2010-0571 | 2010-03-05 | Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web... |
| CVE-2010-0572 | 2010-03-05 | Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticated users to discover Cisco Digital Media Player credentials via vectors related to reading a (1) error log or (2) stack... |
| CVE-2010-0573 | 2010-03-05 | Unspecified vulnerability on the Cisco Digital Media Player before 5.2 allows remote attackers to hijack the source of (1) video or (2) data for a display via unknown vectors, related... |
| CVE-2010-0792 | 2010-03-05 | fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file. |
| CVE-2010-0928 | 2010-03-05 | OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the... |
| CVE-2009-4676 | 2010-03-05 | Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of... |
| CVE-2010-0929 | 2010-03-05 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3,... |
| CVE-2010-0930 | 2010-03-05 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff,... |
| CVE-2010-0931 | 2010-03-05 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value. |
| CVE-2010-0932 | 2010-03-05 | The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. |
| CVE-2010-0933 | 2010-03-05 | Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. |
| CVE-2010-0934 | 2010-03-05 | The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in... |
| CVE-2010-0935 | 2010-03-05 | Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. |
| CVE-2009-4677 | 2010-03-08 | Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of... |
| CVE-2009-4678 | 2010-03-08 | Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| CVE-2009-4679 | 2010-03-08 | Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in... |
| CVE-2010-0936 | 2010-03-08 | Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. |
| CVE-2010-0937 | 2010-03-08 | Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors. |
| CVE-2010-0938 | 2010-03-08 | Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action. |
| CVE-2010-0939 | 2010-03-08 | Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. |
| CVE-2010-0940 | 2010-03-08 | Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2010-0941 | 2010-03-08 | Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3)... |
| CVE-2010-0942 | 2010-03-08 | Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-0943 | 2010-03-08 | Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase... |
| CVE-2010-0944 | 2010-03-08 | Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-0945 | 2010-03-08 | SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-0946 | 2010-03-08 | SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a... |
| CVE-2010-0418 | 2010-03-09 | The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. |
| CVE-2010-0790 | 2010-03-09 | sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via... |
| CVE-2010-0791 | 2010-03-09 | The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure)... |
| CVE-2010-0926 | 2010-03-09 | The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal... |