5327 matches found
CVE-2006-0814
Lighttpd on Windows (1.4.10 and possibly earlier) is affected by an information disclosure vulnerability where specially crafted requests containing trailing dots or spaces bypass Windows handling and cause disclosure of script/source code. Root cause is improper validation of filename extensions...
CVE-2006-0949
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters...
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...
CVE-2006-0949
RaidenHTTPD 1.1.47 is vulnerable to information disclosure via crafted requests containing dot, space, and slash characters that allow remote attackers to obtain source code of script files (e.g., PHP). The underlying issue is inadequate validation of URL filename extensions. A fix is to upgrade ...
NZ Ecommerce SQL&XSS vuln.
Vuln. discovered by: r0t Date: 2 March 2006 vendor: www.digitalbuilder.co.nz/ProductCodeNZEcommerce.asp affected version: latest Original advisory: http://pridels.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html 1. XSS Input passed to the "action" parameter in "index.php" isn't properly sanitise...
NetworkActiv Web Server script source code leak
Invalid processing of requests with forward slash character...
NetworkActiv < 3.5.16 Crafted Filename Request Source Code Disclosure
Binary data 3451.prm...
Lighttpd web server source code disclosure
Source code leak on case-insensitive file systems...
[SA19048] LanSuite LanParty Intranet System "fid" SQL Injection
TITLE: LanSuite LanParty Intranet System "fid" SQL Injection SECUNIA ADVISORY ID: SA19048 VERIFY ADVISORY: http://secunia.com/advisories/19048/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: LanSuite LanParty Intranet System 2.x...
[SA18903] iUser Ecommerce common.php File Inclusion Vulnerability
TITLE: iUser Ecommerce common.php File Inclusion Vulnerability SECUNIA ADVISORY ID: SA18903 VERIFY ADVISORY: http://secunia.com/advisories/18903/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: iUser Ecommerce 2.x http://secunia.com/product/8175/ DESCRIPTION: ReZEN ha...
[SA18924] PerlBLOG Multiple Vulnerabilities
TITLE: PerlBLOG Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18924 VERIFY ADVISORY: http://secunia.com/advisories/18924/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: PerlBLOG 1.x http://secunia.com/product/8128/ DESCRIPTION: Aliaksand...
[SA18869] Lighttpd Case-Insensitive Filename Source Code Disclosure
TITLE: Lighttpd Case-Insensitive Filename Source Code Disclosure SECUNIA ADVISORY ID: SA18869 VERIFY ADVISORY: http://secunia.com/advisories/18869/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: lighttpd 1.x http://secunia.com/product/4661/...
[SA18803] DocMGR process.php File Inclusion Vulnerability
TITLE: DocMGR process.php File Inclusion Vulnerability SECUNIA ADVISORY ID: SA18803 VERIFY ADVISORY: http://secunia.com/advisories/18803/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, System access WHERE: From remote SOFTWARE: DocMGR 0.x http://secunia.com/product/8021/...
[SA18672] sPaiz-Nuke "query" Cross-Site Scripting Vulnerability
TITLE: sPaiz-Nuke "query" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18672 VERIFY ADVISORY: http://secunia.com/advisories/18672/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: sPaiz-Nuke http://secunia.com/product/7180/ DESCRIPTION: NightWarrior h...
[SA18392] TheWebForum Script Insertion and SQL Injection Vulnerabilities
TITLE: TheWebForum Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18392 VERIFY ADVISORY: http://secunia.com/advisories/18392/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: TheWebForum 1.x...
[SA18354] 427BB Multiple Vulnerabilities
TITLE: 427BB Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18354 VERIFY ADVISORY: http://secunia.com/advisories/18354/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: 427BB 2.x http://secunia.com/product/4730/...
[SA18325] OnePlug CMS SQL Injection Vulnerabilities
TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...
[SA18324] Timecan CMS "viewID" SQL Injection Vulnerability
TITLE: Timecan CMS "viewID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA18324 VERIFY ADVISORY: http://secunia.com/advisories/18324/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Timecan CMS 3.x http://secunia.com/product/6756/ DESCRIPTION: Preddy h...
[SA18309] Next Generation Image Gallery "page" Cross-Site Scripting Vulnerability
TITLE: Next Generation Image Gallery "page" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18309 VERIFY ADVISORY: http://secunia.com/advisories/18309/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Next Generation Image Gallery 0.x...
[SA18302] NKads Login SQL Injection Vulnerability
TITLE: NKads Login SQL Injection Vulnerability SECUNIA ADVISORY ID: SA18302 VERIFY ADVISORY: http://secunia.com/advisories/18302/ CRITICAL: Highly critical IMPACT: Security Bypass, Manipulation of data, System access WHERE: From remote SOFTWARE: NKads 1.x http://secunia.com/product/6738/...