5644 matches found
iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
iDEFENSE Security Advisory 11.08.02a: http://www.idefense.com/advisory/11.08.02a.txt File Disclosure Vulnerability in Simple Web Server November 8, 2002 I. BACKGROUND As its name suggests, Peter Sandvik's Simple Web Server is a Linux-based web server...
Simple Web Server 0.5.1 - File Disclosure
source: https://www.securityfocus.com/bid/6145/info Simple Web Server does not properly sanitize web requests. By adding a slash-slash sequence '//' to a URI, it is possible for an attacker to disclose files on the vulnerable web server, effectively bypassing any access controls...
Simple Web Server 0.5.1 - File Disclosure
Simple Web Server 0.5.1 - File Disclosure source: https://www.securityfocus.com/bid/6145/info Simple Web Server does not properly sanitize web requests. By adding a slash-slash sequence '//' to a URI, it is possible for an attacker to disclose files on the vulnerable web server, effectively...
ION Script 1.4 - Remote File Disclosure
source: https://www.securityfocus.com/bid/6091/info A vulnerability has been discovered in ION Script. By sending a malicious HTTP request to a webserver running the vulnerable ION Script package, it is possible for a remote attacker to disclose arbitrary webserver readable files. As webservers a...
ION Script 1.4 - Remote File Disclosure
ION Script 1.4 - Remote File Disclosure source: https://www.securityfocus.com/bid/6091/info A vulnerability has been discovered in ION Script. By sending a malicious HTTP request to a webserver running the vulnerable ION Script package, it is possible for a remote attacker to disclose arbitrary...
MailReader.com 2.3.x - NPH-MR.cgi File Disclosure
MailReader.com 2.3.x - NPH-MR.cgi File Disclosure source: https://www.securityfocus.com/bid/6055/info A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a...
MailReader.com 2.3.x - 'NPH-MR.cgi' File Disclosure
source: https://www.securityfocus.com/bid/6055/info A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash ../...
[SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability
-- BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability -- -- Type File Disclosure -- Release Date October 24, 2002 -- Product / Vendor BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a little testing...
[SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability
-- Liteserve Web Server v2.0 Authorization Bypass Vulnerability -- -- Type File Disclosure -- Release Date October 24, 2002 -- Product / Vendor LiteServe is a powerful, full-featured Web, EMail and FTP server. This server software is perfect fo...
[SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
-- BadBlue Web Server v1.7 Protected File Access Vulnerability -- -- Type File Disclosure -- Release Date October 24, 2002 -- Product / Vendor BadBlue is a very small footprint, Win32 web server that supports a surprisingly large array of...
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
source: https://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does not sufficiently filter triple-dot-slash .../ sequences from web...
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure
SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure source: https://www.securityfocus.com/bid/5857/info SurfControl SuperScout WebFilter Reports Server is prone to a vulnerability which may allow remote attackers to disclose the contents of arbitrary files. The Reports Server does...
Microsoft Internet Explorer 5 - Document Reference Zone Bypass
Microsoft Internet Explorer 5 - Document Reference Zone Bypass source: https://www.securityfocus.com/bid/5841/info A vulnerability has been reported in Microsoft Internet Explorer that may allow for remote attackers to execute script code in the context of other domains/security Zones. The cause...
Monkey HTTP Server 0.1.4 - File Disclosure
source: https://www.securityfocus.com/bid/5792/info Monkey HTTP server is prone to a directory-traversal bug that may allow attackers to access sensitive files. By passing a malicious query to a vulnerable server, an attacker can potentially gain access to arbitrary webserver-readable files. This...
Apache Tomcat 3/4 - DefaultServlet File Disclosure
Apache Tomcat 3/4 - DefaultServlet File Disclosure source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes...
Apache Tomcat 3/4 - 'DefaultServlet' File Disclosure
source: https://www.securityfocus.com/bid/5786/info The servlet 'org.apache.catalina.servlets.DefaultServlet' is included with Apache Tomcat by default. It is possible to use this servlet to view contents of files within the webroot. This includes JSP source code, which may contain sensitive data...
guardadv.db4web.txt
Guardeonic Solutions AG www.guardeonic.com Security Advisory 01-2002 Advisory Name: DB4Web R File Disclosure Release Date: 09/17/02 Affected Product: DB4Web R Application Server Platform: Linux, nix, MS Windows Version: Unknown Severity: A DB4Web component allows files on the server to be...
Red Hat Interchange INET Mode Detection
It seems that 'Red Hat Interchange' ecommerce and dynamic content management application is running in 'Inet' mode on this port. Versions 4.8.5 and earlier are flawed and may disclose contents of sensitive files to attackers. Nessus neither checked Interchange version nor tried to exploit the...
Microsoft Word 95/97/98/2000/2002 - 'INCLUDEPICTURE' Document Sharing File Disclosure
source: https://www.securityfocus.com/bid/5764/info The INCLUDEPICTURE Field Code may be used to insert arbitrary URLs into a document. The INCLUDEPICTURE Field Code is reported to, under some circumstances, present a security threat. If the INCLUDEPICTURE Field Code is included in a document and...
Advisory: File disclosure in DB4Web
Guardeonic Solutions AG www.guardeonic.com Security Advisory 01-2002 Advisory Name: DB4Web R File Disclosure Release Date: 09/17/02 Affected Product: DB4Web R Application Server Platform: Linux, nix, MS Windows Version: Unknown Severity: A DB4Web component allows files on the server to be...