5327 matches found
CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...
Apache Tomcat Directory Listing and File Disclosure
Apache Tomcat prior to 3.3.1a is affected by a directory listing and file disclosure vulnerability. By requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present or obtain unprocessed source code for a JSP file. Also note...
CVE-2002-1451
The vulnerability CVE-2002-1451 affects the Blazix web server (Java-based) prior to version 1.2.2. An HTTP request that ends with a "+" or a backslash "\" can disclose the JSP source code or list restricted directories, enabling partial disclosure of sensitive data. The threat is described as rem...
Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold
Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for mod_proxy and the mod_authz_ldap package. Stronghold 4 cross platform contains a number of open source technologies suc...
CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval
// source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard...
CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval
// source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard configured to generate Java applets to password protect pages. Specifically, t...
sendmail 8.12.8 available
Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.8. It contains a fix for a critical security problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force for bringing this problem to our attention. Sendmail urges al...
Lotus Domino Source code disclosure
Additional dot in URL allows page source code access...
Lotus Domino DOT Bug Allows for Source Code Viewing
Through some testing against some Lotus Domino web servers verified in version 5 & 6, if you append a period to the end of a non-default Lotus file type (non .NSF, .NTF, etc.) via your browser URL request, you will be prompted to download the file. This has a possible repercussion of the ability to...
Apache Tomcat multiple bugs
Multiple vulnerabilities allow directory browsing and source code disclosure...
CVE-2003-0042
CVE-2003-0042 affects Apache Jakarta Tomcat up to version 3.3.1a when used with JDK 1.3.1 or earlier. The vulnerability lets remote attackers cause directory listings and disclose JSP/source via a URL containing a null character, bypassing index.html or other welcome-file safeguards. Root cause i...
CVE-2003-0042
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...
Concurrent Versions System (CVS) server improperly deallocates memory
Overview: A "double-free" vulnerability in the Concurrent Versions System (CVS) server could allow a remote attacker to execute arbitrary code or commands or cause a denial of service on a vulnerable system. Description: CVS is a source code maintenance system that is widely used by open-source...
Critical: Red Hat Security Advisory: cvs security update
Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. Updated 06 Feb 2003: Added fixed packages for Advanced Workstation 2.1. CVS is a...
CVE-2002-1394
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...
CVE-2002-1635
The Apache configuration file httpd.conf in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin...
CVE-2002-2186
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL...
PT-2002-2467 · Microsoft · IIS
Name of the Vulnerable Software and Affected Versions: Microsoft IIS version 5.0. Description: The issue is related to an off-by-one error in the CodeBrws.asp sample script. This error allows remote attackers to view the source code for files with extensions containing one additional character aft...
GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure
source: https://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append certain characters to the end of a...
GoAhead Web Server 2.1.x - .ASP File Source Code Disclosure
source: https://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP request...