CVE-2001-0709

Vulnerability summary (CVE-2001-0709): Microsoft IIS 4.0 and earlier, when installed on a FAT partition, is susceptible to remote disclosure of ASP source code. An attacker can obtain the source by requesting a URL encoded with Unicode. The description in the provided documents confirms the expos...

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

-- iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory -- BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability Problem discovered: 22/08/2001 -- Overview -- BadBlue http://badblue.com/ is a tiny, free download that lets you share files, search...

Получение исходного текста CGI в Bad Blue (source code retrieval)

Додбавив 00 к имени файла PHP или CGI можно получить его исходный код...

BSDi (3.0/3.1) reboot machine code as any user (non-specific)

this is something from a little while back. thought i might as well post it for some sort of use, generally a pretty minimal problem. has similar effects to the old f00f bug. except this reboots the machine, instead of having a freezing effect. original source: http://realhalo.org/killbsdi.c --...

OmniHTTPd Encoded Space Request Script Source Disclosure

OmniHTTPd is affected by a vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' to a script's suffix, the web server will no longer interpret it and instead send it back as a simple document in the same manner as...

hypo_linksys_advisory.txt

:UPDATE hypoclear security advisory UPDATE: Update Note: Thanks to the guys on the vuln-watch list who helped with a better solution! Vendor : Linksys | http://www.linksys.com/ Product : EtherFast 4-Port Cable/DSL Router Category : Design Flaw Date : 08-02-01 Update : 08-02-01 CONTENTS 1. Overvie...

Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options

Overview The telnetd program is a server for the telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access. Description There is a remotely...

OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a

OpenSSL Security Advisory 10 July 2001 WEAKNESS OF THE OpenSSL PRNG IN VERSIONS UP TO OpenSSL 0.9.6a ------------------------------------------------------------- CONTENTS: - Synopsis - Detailed problem description - Solution - Impact - Source code patch - Acknowledgement OpenSSL 0.9.6b has been...

Дырки в нескольких Web-серверах (buffer overflow, source code disclosure)

Переполнения буфера и другие дырки...

Получение исходного кода страницы в Perception LiteServe (source code retrieval)

Можно получить исходный текст страницы используя имена в формате 8.3...

CVE-2001-0446

IBM WCS WebSphere Commerce Suite 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...

ScreamingMedia SITEWare source code disclosure vulnerability

FS Advisory ID: FS-061201-18-SMSW Release Date: June 11, 2001 Product: ScreamingMedia SITEWare Vendor: ScreamingMedia Inc. http://www.screamingmedia.com Vendor Advisory: http://www.screamingmedia.com/security/sms1001.php Type: Source code disclosure vulnerability Severity: High Author: Mike Shema...

BSD - TelnetD Remote Command Execution (1)

BSD - TelnetD Remote Command Execution 1 / 7350854 - x86/bsd telnetd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third...

BSD - 'TelnetD' Remote Command Execution (1)

/ 7350854 - x86/bsd telnetd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties, copied or duplicated in any form, in...

WebTrends Enterprise Reporting Server 3.1 c3.5 - Source Code Disclosure

WebTrends Enterprise Reporting Server 3.1 c3.5 - Source Code Disclosure source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of...

WebTrends Enterprise Reporting Server 3.1 c/3.5 - Source Code Disclosure

source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of arbitrary scripts on the WebTrends Live webserver. This is accomplished by...

Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure

source: https://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file .php, .pl, or .shtml, could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space...

CVE-2001-0399

CVE-2001-0399 affects Caucho Resin 1.3b1 and earlier. A path traversal / information disclosure flaw lets remote attackers read Javabean source by inserting a .jsp before the WEB-INF specifier in an HTTP request. OpenVAS entries corroborate the issue as a remote vulnerability with a 5.0 CVSS base...

CVE-2001-0399

Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request...

CVE-2001-0446

CVE-2001-0446 affects IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2. The issue enables remote attackers to read source code for *.jsp files by appending a "/" to the requested URL, exposing partial confidentiality (C:P/I:N/A:N; CVSS v2 base 5.0). No exploitation details a...