1212 matches found
Noguska Nola 1.1.1 [ Intranet Business Management Software ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Noguska Nola 1.1.1 Intranet Business Management Software .: Software Desciption :. - -- compied from their site -- Redefining the scope of Enterprise Software The NOLA web based software package allows your business to effortlessly reach further than...
Abe Timmerman - 'zml.cgi' File Disclosure
source: https://www.securityfocus.com/bid/3759/info zml.cgi is a perl script which can be used to support server side include directives under Apache. It recognizes a simple set of commands, and allows access to cgi parameters and environment variables. It can run on Linux and Unix systems or any...
Other Web Servers vulnerable to %3f.jsp directory listing
I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the 3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server:...
Apache UserDir Directive Username Enumeration
When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home. For instance, by default, requesting /root/ displays the HTML contents from /root/publichtml/. If the username requested does not...
CGIEmail 1.6 - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/6141/info A vulnerability has been discovered in CGIEmail. It should be noted that this vulnerability exists only if the server allows queries to remote hosts. A remotely exploitable buffer overflow has been discovered in a component included with...
Apache 1.0/1.2/1.3 - Server Address Disclosure
// source: https://www.securityfocus.com/bid/3169/info A vulnerability has been discovered in Apache web server that may result in the disclosure of the server's address. The problem occurs when a HTTP request containing the URI of a directory is submitted to the server. If the URI does not conta...
Apache mod_status /server-status Information Disclosure
A remote unauthenticated attacker can obtain an overview of the remote Apache web server's activity and performance by requesting the URL '/server-status'. This overview includes information such as current hosts and requests being processed, the number of workers idle and service requests, and C...
ASPSeek.txt
Hi comrades: I'dont speak write wery good English by this reason a go to pass to describe the information that I have and I could test about this vulnerability: I know some servers whit this bug, I only test it in this type of servers but should run in others whitout problems. Tested in Server:...
PHP remote format string vulnerabilities
OVERVIEW PHP is a commonly used HTML-embedded scripting language. Format string vulnerabilities exist in the error logging routines of PHP versions 3 and 4, allowing remote users to execute arbitrary code under the web server's user id. A web server having PHP installed and one or more PHP script...
CVE-2000-0505
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters...
CVE-1999-0289
The CVE-1999-0289 entry concerns the Apache HTTP Server for Win32. Affected component: the Web server handling URLs; issue described as: the server may provide access to restricted files when a "." is appended to a requested URL. The core impact is restricted-file disclosure. Public details acros...
CVE-1999-1199
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service resource exhaustion via a large number of MIME headers with the same name, aka the "sioux" vulnerability...