BRS WebWeaver 0.x FTP Root Path Disclosure Vulnerability
source: http://www.securityfocus.com/bid/2676/info BRS WebWeaver is an ftpd and webserver from Blaine Southam. WebWeaver's FTP component has a flaw which can permit a remote user to learn the physical path to the FTP service's root directory. By submitting the F...
Fastream NetFile 6.0.3 .588 Error Message Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/8908/info It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to a 404...
Aestiva HTML/OS 2.4 Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/5618/info Aestiva HTML/OS is a database engine and development suite for building websites and web-based software products. HTML/OS does not sufficiently sanitize metacharacters from error message output. In particular,...
Webchat 2.0 Module Path Disclosure Weakness
source: http://www.securityfocus.com/bid/7774/info Webchat has been reported prone to a path disclosure weakness. Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the...
Symantec Norton Internet Security 2003 6.0.4 .34 Error Message Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/8904/info It has been reported that Symantec Norton Internet Security is prone to a cross-site scripting vulnerability. The issue is reported to exist when the software blocks a restricted website and an error message...
Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability
source: http://www.securityfocus.com/bid/194/info A GET request that specifies a nonexistent file with an IISAPI-registered extension (i.e. .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory...
Microsoft Internet Explorer 6.0 Resource Detection Weakness
source: http://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within...
Apache Tomcat 3.1 Path Revealing Vulnerability
source: http://www.securityfocus.com/bid/1531/info A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent JSP file, too much information is presented by the server as part of...
Mailtraq 2.2 Webmail Utility Path Disclosure Vulnerability
source: http://www.securityfocus.com/bid/7815/info A vulnerability has been reported for Mailtraq that may result in the disclosure of path information. The vulnerability exists due to insufficient sanitization of HTTP requests. Specifically, a request for...
FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
source: http://www.securityfocus.com/bid/11407/info FuseTalk Forum is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks. The cause of these issues is insufficient...
Opera Web Browser 7.5 Resource Detection Weakness
source: http://www.securityfocus.com/bid/10961/info Opera Web Browser is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within the same...
M-TECH P-Synch 6.2.5 Path Disclosure Vulnerability
source: http://www.securityfocus.com/bid/7740/info Reportedly an attacker may make a malicious HTTP request for specific P-Synch executables passing an empty URI parameter to trigger the condition. Although unconfirmed, it is likely that the request will cause...
Quicktime Player <= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability
Luigi Auriemma Application: Quicktime Player http://www.apple.com/quicktime Versions: <= 7.3.1.70 Platforms: Windows and Mac Bug: buffer-overflow Exploitation: remote Date: 10 Jan 2008 Thanx to: swirl for the help during the re-testing of the bug Author: Luigi...
myBloggie 2.1.2/2.1.3 addcat.php errormsg Parameter XSS
source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
TOPO 1.41 Remote Path Disclosure Vulnerability
source: http://www.securityfocus.com/bid/6768/info It has been reported that TOPo may return information to users that is sensitive in nature. Under some circumstances, it is possible to produce an error message that reveals information about web directory...
C-Cart 1.0 Path Disclosure Vulnerability
source: http://www.securityfocus.com/bid/8368/info C-Cart is prone to a path disclosure vulnerability. Passing invalid data as a URI parameter to several C-Cart scripts will cause an error message to be displayed, which contains installation path information...
PHP Nuke 5.x Error Message Web Root Disclosure Vulnerability
source: http://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously...
RARLAB WinRar 2.90/3.x UUE/XXE Invalid Filename Error Message Format String
source: http://www.securityfocus.com/bid/15062/info WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a...
PY Software Active Webcam 4.3 Webserver Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/9261/info A vulnerability has been reported to be present in the software that may allow a remote attacker to execute HTML or script code in a user's browser. It has been reported that the problem arises when the software...
BlueFace Falcon Web Server 2.0 Error Message Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/5435/info Falcon Webserver does not sufficiently sanitize HTML tags from error message output. In particular, attackers may inject HTML into 301 and 404 error pages. It is possible to create a malicious link to the server...