Stud.IP 1.3.0-2 - Multiple Remote File Inclusions
/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...
CVE-2006-3231
Unspecified vulnerability in IBM WebSphere Application Server WAS before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."...
[SA20436] PyBlosxom Contributed Packages Cross-Site Scripting Vulnerability
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...
ishopcart-cgi-bof.c.txt
Vendor: ishopcart inc Vendor Site: ishopcart.com Vendor Status: notified via telephone While spending a night auditing I have found 2 buffer overflows and 1 directory traversal in the ishopcart cgi, which is written in C. The directory traversal is caused by how the cgi chooses to show pages. If,...
Code injection
Jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed-case manipulations...
CVE-2006-2759
Jetty 6.0.x (jetty6) beta16 has an information-disclosure vulnerability: remote attackers can read the source of JSP files by using a capital P in the .jsp extension (and likely other mixed-case variants). The issue is confirmed across multiple sources (NVD, SUSE, GHSA, OSV, Veracode, PRION, CVE ...
Design/Logic Flaw
The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...
CVE-2006-2309
The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...
Multiple eserv IMAP mail server and web server vulnerabilities
IMAP server directory traversal, HTTP scripts source code disclosure...
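The Jetty (CVE-2006-2759) and EServ/3 (CVE-2006-2309) entries above are one bug class: the server decides whether a request goes to the script engine by string-matching the raw request path, then hands everything else to a static file server that reads from a more forgiving filesystem (case-insensitive names, trailing dots and spaces ignored). The following is an added example and not code from Jetty, EServ or any advisory on this page; the document root, the file names and the two router functions are constructed for illustration. It puts the flawed routing beside a version that canonicalizes the path before deciding who handles it.

```python
"""Script-source disclosure from a routing/filesystem canonicalization mismatch.

Added example (not code from Jetty, EServ or any advisory above). The document
root and file names are constructed; the "filesystem" is an in-memory model of
a case-insensitive volume that ignores trailing dots and spaces in names.
"""
import posixpath
from urllib.parse import unquote

# Constructed document root: request path -> file contents.
DOCROOT = {
    "/index.jsp": "<% out.println(jdbcPassword); %>",  # must never be served verbatim
    "/logo.png": "PNG-BYTES",
}
SCRIPT_EXTENSIONS = {".jsp"}


def _fs_key(path):
    """How the modelled filesystem identifies a name: case-folded, with trailing
    dots and spaces dropped from every segment (NTFS-style name handling)."""
    return "/".join(seg.rstrip(". ").lower() for seg in path.split("/"))


def fs_lookup(path):
    """Read a file from the modelled filesystem; None if there is no such name."""
    wanted = _fs_key(path)
    for name, data in DOCROOT.items():
        if _fs_key(name) == wanted:
            return data
    return None


def route_vulnerable(request_path):
    """Flawed dispatch: exact, case-sensitive suffix test on the decoded path.
    "/index.jsP", "/index.jsp." and "/index.jsp " all miss the test and fall
    through to the static server, which reads the JSP source off the disk."""
    p = unquote(request_path)
    if p.endswith(".jsp"):
        return ("script-engine", p, None)
    return ("static", p, fs_lookup(p))


def canonicalize(request_path):
    """Normalize the path the way the filesystem will, before routing on it:
    percent-decode, reject NUL, unify slashes, collapse '.' and '..' against a
    pinned root, then strip trailing dots and spaces from every segment."""
    p = unquote(request_path)
    if "\x00" in p:
        raise ValueError("NUL byte in request path")
    p = p.replace("\\", "/")
    p = posixpath.normpath("/" + p.lstrip("/"))  # '..' cannot climb above '/'
    segments = (seg.rstrip(". ") for seg in p.split("/"))
    return "/" + "/".join(seg for seg in segments if seg)


def route_hardened(request_path):
    """Route on the canonical path and compare the extension case-insensitively,
    so a script file can only ever reach the script engine, never the static server."""
    p = canonicalize(request_path)
    if posixpath.splitext(p)[1].lower() in SCRIPT_EXTENSIONS:
        return ("script-engine", p, None)
    return ("static", p, fs_lookup(p))


if __name__ == "__main__":
    probes = ["/index.jsp", "/index.jsP", "/index.jsp.", "/index.jsp%20", "/../../index.jsp."]
    for req in probes:
        v, h = route_vulnerable(req), route_hardened(req)
        leaked = "LEAKS SOURCE" if v[2] == DOCROOT["/index.jsp"] else "ok"
        print(f"{req!r:22} vulnerable: {v[0]:13} ({leaked})  hardened: {h[0]}")
```

The same check is worth running against any server that fronts a script engine with a static file handler: request a known script with its extension in mixed case, with a trailing dot, space or encoded equivalent appended, and confirm the response is the rendered output, not the file. Note that the fix is in the order of operations (canonicalize, then route), not in a longer deny-list of spellings.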
DGNews v 1.5 File Upload Vuln.
DGNews v 1.5 File Upload Vuln. Vuln. discovered by : r0t Date: 29 may 2006 vendor:www.diangemilang.com/dgscripts.php affected versions:v 1.5 and prior original advisory: http://pridels.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html Vuln. Description: It is possible to upload arbitrary file...
"Vulnerability exploits", compiled from vulnerability alerts (Black Bar Security Net)
Step 2. Choose how the desired program source is to be installed. There are three methods: "Install from Internet" downloads the desired program and installs it immediately; "Download from Internet" only downloads the required program without installing it; "Install from Local...
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability
MajorSecurity Socketmail <= 2.2.6 - Remote File Include Vulnerability -------------------------------------------------------- Software: Socketmail Version: <=2.2.6 Type: Remote File Include Vulnerability Date: May, 25th 2006 Vendor: Creative Digital Resources Page: http://socketmail.com Risk: High...
EVA-Web <=2.1.2 vuln.
EVA-Web <=2.1.2 vuln. Vuln. discovered by : r0t Date: 27 may 2006 vendor:http://spip-edu.edres74.net/ affected versions:2.1.2 and prior original advisory:http://pridels.blogspot.com/2006/05/eva-web-212-vuln.html Vuln. Description: EVA-Web contains a flaw that allows a remote cross site scripting...
Server termination in netPanzer 0.8 (rev 952)
Luigi Auriemma Application: netPanzer http://www.netpanzer.org http://netpanzer.berlios.de Versions: <= 0.8 rev 952 Platforms: *nix, BSD, Windows, Mac and others Bug: server termination Exploitation: remote, versus server Date: 23 May 2006 Author: Luigi Auriemma e-mail: [email protected] web:...
Boastmachine.txt
Advisory : Cross Site Scripting in Boastmachine http://boastology.com/ Release Date : 17/05/2005 Last Modified : 17/05/2005 Author : Yunus Emre Yilmaz http://yns.zaxaz.com Application : BoastMachine v3.1, possibly older versions Risk : High Problem : Form action values in admin.php and index.php mayb...
[SECURITY] [DSA 1064-1] New cscope packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1064-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 19th, 2006 http://www.debian.org/security/faq -...
CVE-2006-2466
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."...
[SA20171] CodeAvalanche News "password" SQL Injection Vulnerability
TITLE: CodeAvalanche News "password" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA20171 VERIFY ADVISORY: http://secunia.com/advisories/20171/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: CodeAvalanche News 1.x http://secunia.com/product/10033/...
Code injection
The viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter...