Whale Communications e-Gap Security Appliance 2.5 - Login Page Source Code Disclosure
source: https://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of the login script. The login page is...
Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method
Overview Whale communications e-Gap security appliance is a tool to provide a secure remote web access platform. A vulnerability exists that may permit a remote attacker to gain access to the source code of the login page. Description Whale communications e-Gap security appliance version 2.5...
CVE-2003-1102
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...
CVE-2003-1408
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot...
Server side scripts viewing in Goahead webserver <= 2.1.7
Luigi Auriemma Application: Goahead webserver http://12.129.4.11/webserver/webserver.htm Versions: <= 2.1.7 Platforms: multiplatform Bug: source code viewing of server side script files Risk: low/medium Exploitation: easy via browser Date: 17 Dec 2003 Author: Luigi Auriemma e-mail:...
OpenBSD kernel holes ...
once again i am honored to present you a generic and robust way to own OpenBSD 2.x-3.x, enjoy ; it is quite funny to name ring 0 overflow patches as "reliability fixes". who does theo thinks he is fooling ? kiddies in his cult ? you can patch your useless/old openbsd systems by visiting;...
myPHPCalendar : Informations Disclosure, File Include
Informations : Language : PHP Version : 10192000 Build 1 Beta Website : http://myphpcalendar.sourceforge.net/ Problems : - Informations Disclosure - File Include PHP Code/Location : admin.php, contacts.php, convert-date.php : include...
Hummingbird CyberDOCS sets insecure permissions on script source code files
Overview Hummingbird CyberDOCS running on Microsoft Internet Information Services IIS sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document manageme...
ChatZilla <=v0.8.23 remote DoS vulnerability
m00 security advisory 003 ChatZilla <=v0.8.23 remote DoS vulnerability www.m00security.org Product: ChatZilla Version: 0.8.23 and below OffSite: www.mozilla.org Overview: ChatZilla is a popular? linux irc-client. Mozilla/5.0...
CVE-2003-0423
parsexml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter...
Advisory 02/2003: emule/xmule/lmule vulnerabilities
e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: eMule/lmule/xmule multiple remote vulnerabilities Release Date: 2003/08/17 Last Modified: 2003/08/17 Author: Stefan Esser [email protected] Application: eMule = 0.29c xmule = 1.4.3, = 1.5.6a lmule = 1.3.1 Severity: Several...
CVE-2003-0424
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space %20 or . %2e characters to an HTTP request for the script, e.g. viewbroadcast.cgi...
CVE-2003-0424
The CVE-2003-0424 entry affects Apple QuickTime/Darwin Streaming Server prior to 4.1.3f. The vulnerability allows an attacker to disclose script source code by appending encoded characters (%20 space or %2e dot) to an HTTP request for a script (e.g., /view_broadcast.cgi). The issue is a Script So...
CVE-2003-0423
Apple QuickTime/Darwin Streaming Server’s parse_xml.cgi vulnerability (CVE-2003-0423) allows remote access to the source code of files via /parse_xml.cgi?filename=[file] for DS 4.1.3g and earlier. The issue is caused by Web root script disclosure, with no fix available at the time and Apple inves...
ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.
just downloaded ezbounce, quick audit yielded this format bug. the bug exists from version 1.0 to current1.04a-stable/1.50-pre6-beta at the time. the bug occurs inside the "sessions" command. most of the details are explained in the exploit comments. pretty much explains how to get the addresses...
CVE-2003-0411
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...
VisNetic WebMail 5.8.6 .6 - Information Disclosure
source: https://www.securityfocus.com/bid/8018/info VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser...
jboss .jsp source code leakage
By adding 00 to URL it's possible to obtain source code of .jsp page...
CVE-2003-0411
CVE-2003-0411 affects Sun ONE Application Server 7.0 on Windows 2000/XP. A remote attacker can obtain JSP source code by requesting a file with the uppercase extension ".JSP" instead of ".jsp". The provided documents do not specify a patch version or remediation; exploitation details are not desc...