SupportPRO Supportdesk XSS vuln.
SupportPRO Supportdesk XSS vuln. Vuln. discovered by: r0t Date 23 nov. 2005 original advisory: http://pridels.blogspot.com/2005/11/supportpro-supportdesk-xss-vuln.html Vendor: http://supportpro.net/ Input passed to the post and view tickets parameters isn't properly sanitised before being returned t...
ezyhelpdesk Multiple Sql inj
ezyhelpdesk Multiple Sql inj. Vuln. discovered by: r0t Date 23 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/ezyhelpdesk-multiple-sql-inj.html Vendor: http://www.ezyhelpdesk.com affected version: 1.0 and prior Software description: ezyhelpdesk is an instrumental piece of software...
1-2-3 music store "AlbumID" Sql injection.
1-2-3 music store "AlbumID" Sql injection. Vuln. discovered by: r0t Date 23 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/1-2-3-music-store-albumid-sql.html Vendor: http://easybe.com/ affected version: 1.0 and prior Product Description: Description: 1-2-3 Music Store - the music...
CVE-2005-3747
Jetty (web server/container) affected by CVE-2005-3747: Unspecified vulnerability in Jetty before 5.1.6 could allow remote attackers to obtain the source code of JSP pages, potentially by requesting .jsp files with URL-encoded backslash characters ("%5C"). The issue is noted as possibly the same ...
CVE-2005-3747
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash "%5C" characters. NOTE: this might be the same issue as CVE-2006-2758...
Jetty < 5.16.0 JSP Source Code Disclosure
Binary data 3301.prm...
AlstraSoft EPay Pro "pmodule" SQL Injection Vulnerability
AlstraSoft EPay Pro "pmodule" SQL Injection Vulnerability Vuln. discovered by: r0t Vendor: http://www.alstrasoft.com/ Product link: http://www.alstrasoft.com/epay.htm affected version: v2.0 Product Overview: How would you like to own your very own payment processing website and business built with...
[SA17652] e-Quick Cart SQL Injection Vulnerabilities
TITLE: e-Quick Cart SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA17652 VERIFY ADVISORY: http://secunia.com/advisories/17652/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: e-Quick Cart http://secunia.com/product/6165/ DESCRIPTION: BiPiHaCk has...
[SA17659] Jetty JSP Source Code Disclosure Vulnerability
TITLE: Jetty JSP Source Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA17659 VERIFY ADVISORY: http://secunia.com/advisories/17659/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Jetty 5.x http://secunia.com/product/6169/ DESCRIPTION: A...
[Full-disclosure] Secunia Research: Winmail Server Multiple Vulnerabilities
====================================================================== Secunia Research 18/11/2005 - Winmail Server Multiple Vulnerabilities - ====================================================================== Table of Contents Affected...
CVE-2002-2186
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL...
CVE-2002-2186
Technical details about CVE-2002-2186 are not publicly provided in the connected documents. Monitor for updates.
Microsoft IIS UNC Mapped Virtual Host Vulnerability
Your IIS webserver allows the retrieval of ASP/HTR source code. SPDX-FileCopyrightText: 2001 [email protected] Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
WebLogic source code disclosure
There is a bug in the Weblogic web application. Namely, by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. OpenVAS Vulnerability Test $Id: consolehelp.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: WebLogic source code disclosure Authors: John Lampe...
Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail
The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less - . This product is subject to multiple XSS, HTML and SQL injection, and PHP source code disclosure vulnerabilities. OpenVAS Vulnerability Test $Id:...
Oracle 9iAS OWA UTIL access
Oracle 9iAS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. These procedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...
ASP source using %20 trick
It is possible to get the source code of the remote ASP scripts by appending %20 at the end of the request like GET /default.asp%20 ASP source code usually contains sensitive information such as logins and passwords. OpenVAS Vulnerability Test $Id: aspsourcespace.nasl 8023 2017-12-07 08:36:26Z...
ASP/PHP '%20' Source Code Disclosure Vulnerability - Active Check
Multiple products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi SPDX-FileCopyrightText: New code / detection methods since 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
WebLogic Server /%00/ bug
Requesting a URL with SPDX-FileCopyrightText: 2001 StrongHoldNet Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:weblogicserver"; ifdescription...
Microsoft IIS UNC Mapped Virtual Host Vulnerability
Your IIS webserver allows the retrieval of ASP/HTR source code. An attacker can use this vulnerability to see how your pages interact and find holes in them to exploit. OpenVAS Vulnerability Test $Id: iisuncmappedvirthostvuln.nasl 6046 2017-04-28 09:02:54Z teissa $ Description: Microsoft IIS UNC...