5327 matches found
[SA16202] Asn Guestbook "version" Cross-Site Scripting Vulnerability
---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
[SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability
[SA16115] Hosting Controller Multiple Vulnerabilities
CVE-2004-2213
CVE-2004-2213 affects the Mbedthis AppWeb HTTP server prior to 1.1.3. An HTTP request containing a trailing dot "." or trailing space can disclose the server-side source code of scripts to a remote attacker. The description indicates the vulnerability path is via crafted requests, enabling partia...
CVE-2004-2213
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot "." or (2) trailing space in an HTTP request...
[SA15967] Phpauction GPL Multiple Vulnerabilities
CVE-2001-1511
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570"...
CVE-2001-1511
The CVE-2001-1511 issue affects JRun 3.0/3.1 running on JRun Web Server (JWS) and IIS, where remote attackers can read arbitrary JSP source code by requesting a URL containing a source filename ending in jsp%00 or js%2570. This indicates a file-disclosure vulnerability enabling access to server-s...
[SA16031] iPhotoAlbum File Inclusion Vulnerabilities
FreeBSD : cacti -- multiple vulnerabilities (1cf00643-ed8a-11d9-8310-0001020eed82)
Stefan Esser reports: Wrongly implemented user input filters lead to multiple SQL Injection vulnerabilities which can lead f.e. to disclosure of the admin password hash. Wrongly implemented user input filters allow injection of user input into executed commandline. Alberto Trivero posted his...
[SA16011] PPA "config[ppa_root_path]" File Inclusion Vulnerability
[SA15873] Pavsta Auto Site "sitepath" File Inclusion Vulnerability
CVE-2002-1986
Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...
[SA15818] Dynamic Biz Website Builder Admin Login SQL Injection
[SA15783] Whois.Cart Cross-Site Scripting and Local File Inclusion
CVE-2002-1744
The connected CVE records confirm a directory traversal in CodeBrws.asp for Microsoft IIS 5.0. The vulnerable component is CodeBrws.asp (IIS 5.0), with the underlying issue caused by a hex-encoded "+%c0%ae%c0%ae+" sequence representing ".." that allows remote attackers to view source code and det...
CVE-2002-1745
CVE-2002-1745 concerns an off-by-one error in the CodeBrws.asp sample script bundled with Microsoft IIS 5.0. The vulnerability allows remote attackers to view source code for files with extensions that contain one extra character after .html, .htm, .asp, or .inc (e.g., .aspx). Root cause is an of...
CVE-2002-1745
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files...
CVE-2005-2008
CVE-2005-2008 affects Yaws Webserver 1.55 and earlier. A remote attacker can obtain the source code of yaw scripts by requesting a .yaws script with a trailing %00 (null). The root cause is a null-byte handling issue in script requests. Impact is information disclosure of script source; no integr...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null)...