5639 matches found
Opera 7.0 - JavaScript Console Attribute Injection
source: https://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context...
Opera 7.0 - JavaScript Console Attribute Injection
Opera 7.0 - JavaScript Console Attribute Injection source: https://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability ...
Apache Tomcat 3.x - Null Byte Directory / File Disclosure
source: https://www.securityfocus.com/bid/6721/info Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier. It has been reported that remote attackers may view directory contents even when an 'index.html' or other welcome file. It is also possible...
Apache Tomcat 3.x - Null Byte Directory File Disclosure
Apache Tomcat 3.x - Null Byte Directory File Disclosure source: https://www.securityfocus.com/bid/6721/info Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier. It has been reported that remote attackers may view directory contents even when an...
W-Agora 4.1.6 - 'index.php?bn' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a URL consisting of dot-dot-slash ../ character sequences to obtain...
W-Agora 4.1.6 - 'modules.php?File' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a URL consisting of dot-dot-slash ../ character sequences to obtain...
W-Agora 4.1.6 - modules.php?File Traversal Arbitrary File Access
W-Agora 4.1.6 - modules.php?File Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a...
W-Agora 4.1.6 - index.php?bn Traversal Arbitrary File Access
W-Agora 4.1.6 - index.php?bn Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a URL...
CVE-2002-2187
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact...
Perl-HTTPd File Disclosure Vulnerability
Description It has been reported that Perl-HTTPd fails to properly sanitize some web requests. By exploiting this issue, an attacker is able to traverse outside of the established web root by using dot-dot-slash ../ directory traversal sequences. An attacker may be able to obtain any web server...
CHETCPASSWD 1.12 - Shadow File Disclosure
source: https://www.securityfocus.com/bid/6472/info CHETCPASSWD is prone to a vulnerability that may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker. It is possible to exploit this issue by sending an overly long string as a value for the 'user' URI...
CHETCPASSWD 1.12 - Shadow File Disclosure
CHETCPASSWD 1.12 - Shadow File Disclosure source: https://www.securityfocus.com/bid/6472/info CHETCPASSWD is prone to a vulnerability that may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker. It is possible to exploit this issue by sending an overly lo...
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure
The msmmask.exe CGI is installed. Some versions allow an attacker to read the source of any file in your web server's directories by using the 'mask' parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Affected: MondoSearch 4.4.5147 and below. MondoSearch 4.4.5156 and above are NOT...
W3Mail 1.0.6 - File Disclosure
source: https://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to the open function as the filenam...
W3Mail 1.0.6 - File Disclosure
W3Mail 1.0.6 - File Disclosure source: https://www.securityfocus.com/bid/6170/info Versions of W3Mail 1.0.6 and greater are susceptible to a file disclosure vulnerability. To view attachments, the script "viewAttachment.cgi" accepts the parameter "file". The value of this parameter is passed to t...
iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 11.08.02a: http://www.idefense.com/advisory/11.08.02a.txt File Disclosure Vulnerability in Simple Web Server November 8, 2002 I. BACKGROUND As its name suggests, Peter Sandvik's Simple Web Server is a Linux-based web server...
Simple Web Server 0.5.1 - File Disclosure
source: https://www.securityfocus.com/bid/6145/info Simple Web Server does not properly sanitize web requests. By adding a slash-slash sequence '//' to a URI, it is possible for an attacker to disclose files on the vulnerable web server, effectively bypassing any access controls...
Simple Web Server 0.5.1 - File Disclosure
Simple Web Server 0.5.1 - File Disclosure source: https://www.securityfocus.com/bid/6145/info Simple Web Server does not properly sanitize web requests. By adding a slash-slash sequence '//' to a URI, it is possible for an attacker to disclose files on the vulnerable web server, effectively...
ION Script 1.4 - Remote File Disclosure
source: https://www.securityfocus.com/bid/6091/info A vulnerability has been discovered in ION Script. By sending a malicious HTTP request to a webserver running the vulnerable ION Script package, it is possible for a remote attacker to disclose arbitrary webserver readable files. As webservers a...
ION Script 1.4 - Remote File Disclosure
ION Script 1.4 - Remote File Disclosure source: https://www.securityfocus.com/bid/6091/info A vulnerability has been discovered in ION Script. By sending a malicious HTTP request to a webserver running the vulnerable ION Script package, it is possible for a remote attacker to disclose arbitrary...