332 matches found
CVE-2006-1598
AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...
CVE-2006-0816
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via 1 . dot and 2 space characters in the extension of a URL...
CVE-2006-0816
Orion Application Server before 2.0.7 on Windows is affected by a filename extension validation flaw that allows remote disclosure of JSP source code. An attacker can craft a URL with dot or space characters in the extension to reveal the contents of JSP files. The vulnerability impacts confident...
Cross site request forgery (csrf)
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via 1 dot, 2 space, 3 slash, or 4 NULL characters in the filename extension of an HTTP request...
Code injection
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving 1 "." dot, 2 space, and 3 "/" slash characters...
CVE-2006-0949
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving 1 "." dot, 2 space, and 3 "/" slash characters...
CVE-2004-2636
CVE-2004-2636 affects TinyWeb 1.9, where remote attackers can read the source code of scripts by using a URL containing "/./". The NVD entry shows a base score of 5.0 (Medium) with network access and low complexity, and partial confidentiality impact. Connected sources also corroborate the vulner...
Remote IIS 5.x and IIS 6.0 Server Name Spoof
Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVERNAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof...
CVE-2001-1511
The CVE-2001-1511 issue affects JRun 3.0/3.1 running on JRun Web Server (JWS) and IIS, where remote attackers can read arbitrary JSP source code by requesting a URL containing a source filename ending in jsp%00 or js%2570. This indicates a file-disclosure vulnerability enabling access to server-s...
CVE-2005-2008
CVE-2005-2008 affects Yaws Webserver 1.55 and earlier. A remote attacker can obtain the source code of yaw scripts by requesting a .yaws script with a trailing %00 (null). The root cause is a null-byte handling issue in script requests. Impact is information disclosure of script source; no integr...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 null...
YAWS < 1.56 Script File Source Code Disclosure
Binary data 3019.prm...
CVE-2003-1127
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor...
CVE-2003-1127
CVE-2003-1127 affects Whale Communications e-Gap 2.5 on Windows 2000. The vulnerability allows remote attackers to obtain the login page source code by using the HTTP TRACE method, bypassing the preprocessor. Documented impact is partial confidentiality loss with no indicated integrity or availab...
CVE-2005-0622
RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing 1 . dot or 2 space...
Blazix Trailing Character JSP Source Disclosure
The remote host is running the Blazix web server, a web server written in Java. The installed version of Blazix discloses the source code of its JSP pages by requesting the pages while appending a plus sign or a backslash to its name. An attacker may use this flaw to get the source code of your...
CVE-2005-0286
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a 1 . dot or 2 + plus sign at the end, which returns the source code for that file...
CVE-2004-2213
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a 1 trailing dot "." or 2 trailing space in an HTTP request...
CVE-2004-2636
TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL...
CVE-2002-1528
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter...