CVE-2002-1528

CVE-2002-1528 concerns the MondoSearch product where the msmmask.exe CGI can disclose script source via the mask parameter. The vulnerability affects MondoSearch 4.4 and older builds, enabling an attacker to read files from the webserver’s directories, which is an information disclosure issue. Op...

CVE-2002-1528

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter...

CVE-2002-1156

CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...

CVE-2002-1148

CVE-2002-1148 refers to a vulnerability in Apache Tomcat where the default servlet (org.apache.catalina.servlets.DefaultServlet) on Tomcat 4.0.4, 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. Connected sources (GHSA and OSS/ID...

CVE-2002-1394

Apache Tomcat 4.x: vulnerability allows remote disclosure of server source code when using both the invoker servlet and the default servlet (Tomcat 4.0.5 and earlier). Root cause is exposure of server files through misconfigured/default servlet handling; impact is read access to source code and p...

Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities

The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. Such versions are potentially affected by multiple cross-site scripting, HTML and SQL injection, and PHP source code disclosure vulnerabilities. %NASLMINLEVEL 70300 Th...

Apache Tomcat 4.0.x < 4.0.5 / 4.1.x < 4.1.11 JSP Source Code Disclosure

Binary data 1463.pasl...

WebLogic FileServlet Source Code Disclosure

Binary data 1631.prm...

Important: Red Hat Security Advisory: kernel security update

Updated Itanium kernel packages that fix a number of security issues are now available. The Linux kernel handles the basic functions of the operating system. This kernel updates several important drivers and fixes a number of bugs including potential security vulnerabilities. Paul Starzetz...

BEA WebLogic < 5.1.0 SP8 Hex-encoded Request JSP Source Disclosure

Binary data 1525.prm...

ProFTPd - &#039;ftpdctl&#039; &#039;pr_ctrls_connect&#039; Local Overflow

/ This is simple local exploit Proof of Concept? for local bug in ProFTPd not in default options must be configured with option --enable-ctrls. Bug exist in func tion prctrlsconnect in file "src/ctrls.c", look: "src/ctrls.c" int prctrlsconnectconst char socketfile ... struct sockaddrun clsock,...

CVE-2004-0495

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool...

Merak Mail Server 7.4.5 - calendar.html?schedule SQL Injection

Merak Mail Server 7.4.5 - calendar.html?schedule SQL Injection source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - ...

Merak Mail Server 7.4.5 - &#039;address.html&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerability - A PHP source code disclosure...

CVE-2004-0496

Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool...

Java (.java / .class) Source Code Disclosure

The remote web server is hosting Java .java and/or .class files. These files may contain sensitive or proprietary information. If so, a remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

CVS contains a heap overflow in the handling of flag insertion

Overview A heap overflow vulnerability in the Concurrent Versions System CVS could allow a remote attacker to execute arbitrary code on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory...

Dotnetnuke Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------ DOTNETNUKE MULTIPLE VULNBERABILITIES - - ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/?429 1 Source Code & File Access; Severity : Highly...

GoAhead script source leak

It's possible to obtain content of .asp or cgi-bin file by adding special characters to filename...

Whale Communications e-Gap Security Appliance 2.5 - Login Page Source Code Disclosure

Whale Communications e-Gap Security Appliance 2.5 - Login Page Source Code Disclosure source: https://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpecte...