5327 matches found

Cvelist
added 2006/05/17 10:0 a.m. | 26 views

CVE-2006-2437

The viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter...

6.8 AI score | 0.05128 EPSS
Exploits 1 | References 5

securityvulns
added 2006/05/16 12:0 a.m. | 54 views

[SA20115] Php Blue Dragon CMS "vsDragonRootPath" File Inclusion

TITLE: Php Blue Dragon CMS "vsDragonRootPath" File Inclusion SECUNIA ADVISORY ID: SA20115 VERIFY ADVISORY: http://secunia.com/advisories/20115/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Php Blue Dragon CMS 2.x http://secunia.com/product/9942/ DESCRIPTION: Kacper...

0.7 AI score
Exploits 0

Prion
added 2006/05/15 10:2 a.m. | 14 views

Design/Logic Flaw

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...

5 CVSS | 7 AI score | 0.00257 EPSS
Exploits 0 | References 5 | Affected Software 1

NVD
added 2006/05/15 10:2 a.m. | 17 views

CVE-2006-2357

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...

5 CVSS | 6.7 AI score | 0.00257 EPSS
Exploits 0 | References 5

CVE
added 2006/05/15 10:0 a.m. | 54 views

CVE-2006-2357

CVE-2006-2357 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp, leading to partial confidentiality impact. The NVD entry lists a Netw...

5 CVSS | 6.6 AI score | 0.00257 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2006/05/15 10:0 a.m. | 14 views

CVE-2006-2357

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...

6.6 AI score | 0.00257 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2006/05/15 12:0 a.m. | 22 views

Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)

The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues, including source code disclosure and cross-site scripting...

5 CVSS | 5.5 AI score | 0.02029 EPSS
Exploits 5 | References 9

myhack58
added 2006/05/14 12:0 a.m. | 68 views

eWebEditor: the website of the invisible bomb-vulnerability warning-the black bar safety net

Article author: koshan Information source: http://www.hacker.com.cn/ Dear webmasters in using the eWebEditor is found, eWebEditor improperly configured so that it will become the site of the Unabomber? The first discovery of this vulnerability stems from last year's invasion, in the dead end of t...

7.6 AI score
Exploits 0

exploitpack
added 2006/05/12 12:0 a.m. | 19 views

Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting

Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-cod...

Exploits 0

exploitpack
added 2006/05/12 12:0 a.m. | 12 views

Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting

Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code...

6.8 AI score
Exploits 0

NVD
added 2006/05/09 10:2 a.m. | 12 views

CVE-2006-2248

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...

5 CVSS | 6.8 AI score | 0.00572 EPSS
Exploits 0 | References 6

Prion
added 2006/05/09 10:2 a.m. | 10 views

Design/Logic Flaw

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...

5 CVSS | 7.3 AI score | 0.00572 EPSS
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2006/05/09 10:0 a.m. | 14 views

CVE-2006-2248

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...

6.8 AI score | 0.00572 EPSS
Exploits 0 | References 6

CVE
added 2006/05/09 10:0 a.m. | 37 views

CVE-2006-2248

CVE-2006-2248 affects Xeneo Web Server 2.2.22.0. The issue allows remote attackers to obtain the source code of script files by sending crafted requests that include dot, space, and slash characters in the file extension. This is a direct information disclosure vulnerability affecting the server’...

5 CVSS | 6.8 AI score | 0.00572 EPSS
Exploits 0 | References 6 | Affected Software 1

securityvulns
added 2006/05/09 12:0 a.m. | 26 views

[SA19996] 2005-Comments-Script Multiple Vulnerabilities

TITLE: 2005-Comments-Script Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19996 VERIFY ADVISORY: http://secunia.com/advisories/19996/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: 2005-Comments-Script http://secunia.com/product/9778/ DESCRIPTION: Some...

1.4 AI score
Exploits 0

securityvulns
added 2006/05/06 12:0 a.m. | 36 views

RaidenHTTPD Web server / Quick 'n Easy Web Server / Baby ASP / Blazix Web Server / AN HTTPD / Xeneo scripts source code disclosure

It's possible to retrieve script source code by adding " ./" to request...

0.1 AI score
Exploits 0 | References 7 | Affected Software 5

securityvulns
added 2006/05/03 12:0 a.m. | 35 views

albinator <= 2.0.8 Remote File Inclusion Vuln and XSS

albinator <= 2.0.8 Remote File Inclusion Vuln and XSS Vuln. discovered by: VietMafia & r0t Pridels Sec Crew Date: 3 May 2006 vendor: http://www.albinator.com/ affected versions: 2.8 and prior original advisory: http://pridels.blogspot.com/2006/05/albinator-208-remote-file-inclusion.html Vuln...

0.7 AI score
Exploits 0

securityvulns
added 2006/05/02 12:0 a.m. | 41 views

CyberBuild vuln.

CyberBuild vuln. Vuln. discovered by: r0t Date: 1 May 2006 vendor link: www.smartwin.com.au/cyberbuild.htm affected versions: last original advisory: http://pridels.blogspot.com/2006/05/cyberbuild-vuln.html Vuln. Description: 1. SQL injection. CyberOffice Warehouse Builder contains a flaw that allows...

0.2 AI score
Exploits 0

securityvulns
added 2006/05/01 12:0 a.m. | 34 views

Avactis Shopping Cart vuln.

Avactis Shopping Cart vuln. Vuln. discovered by: r0t Date: 1 May 2006 vendor: http://www.avactis.com affected versions: 0.1.2 and prior original advisory: http://pridels.blogspot.com/2006/05/avactis-shopping-cart-vuln.html Vuln. Description: 1. sql inj. Avactis Shopping Cart contains a flaw that...

Exploits 0

securityvulns
added 2006/04/30 12:0 a.m. | 42 views

MaxTrade sql inj.

MaxTrade sql inj. Vuln. discovered by: r0t Date: 30 April 2006 vendor link: http://avalonbg.com/ensoft.html affected versions: 1.0.1 and prior original advisory: http://pridels.blogspot.com/2006/04/maxtrade-sql-inj.html Vuln. Description: MaxTrade contains a flaw that allows a remote sql injection...

0.8 AI score
Exploits 0