Lucene search
K

1017 matches found

Prion
Prion
added 2006/05/09 10:2 a.m.12 views

Design/Logic Flaw

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...

5CVSS7.3AI score0.01532EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2006/05/09 10:0 a.m.17 views

CVE-2006-2248

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...

6.8AI score0.01532EPSS
Exploits0References6
0day.today
0day.today
added 2006/03/27 12:0 a.m.102 views

Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability

Exploit for multiple platform in category remote exploits ============================================================= Apache Tomcat 5.5.17 Remote Directory Listing Vulnerability ============================================================= ScanAlert Security Advisory - http://www.scanalert.com...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/03/23 12:0 a.m.59 views

Orion application server source code disclosure

It's possible to access JSP page content by adding dot with space character to file extention...

2.1AI score
Exploits0References1Affected Software1
myhack58
myhack58
added 2006/03/07 12:0 a.m.32 views

ASP back door of the place method-vulnerability warning-the black bar safety net

Transmission in the broiler on the asp back door, even if you modified the code, escaped the virus, but a careful administrator will also be found on his website, the web directory will be more than one asp file. For this question, I think the two approaches, and nothing technical at all, just an...

0.1AI score
Exploits0
Prion
Prion
added 2006/03/06 11:2 p.m.17 views

Privilege escalation

NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" forward slash after the file extension...

5CVSS7.2AI score0.01582EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2006/02/28 11:0 a.m.14 views

CVE-2006-0936

Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00...

7AI score0.02269EPSS
Exploits1References4
Prion
Prion
added 2006/02/18 2:2 a.m.15 views

Design/Logic Flaw

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...

2.6CVSS7AI score0.02236EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/02/18 2:2 a.m.17 views

CVE-2006-0765

GUI display truncation vulnerability in ICQ Inc. formerly Mirabilis ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...

5.1CVSS6.8AI score0.01159EPSS
Exploits0References2
CVE
CVE
added 2006/02/18 2:0 a.m.47 views

CVE-2006-0760

LightTPD 1.4.8 and earlier; when the web root sits on a case-insensitive filesystem, the system may bypass URL checks and disclose sensitive information by mismatching file extension capitalization (e.g., index.PHP when PHP is enabled only for ".php"). Root cause is a case-insensitive handling of...

2.6CVSS6.5AI score0.02236EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2006/02/16 12:0 a.m.47 views

Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG &#40;DIRECTORY + FILENAME&#41; EXPLOIT

Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG DIRECTORY + FILENAME EXPLOIT Found this 'bug' about 1 year n a half ago. If u drag and drop a folder containing 1 or more file from your computer into the nick of someone in your contact list it is possible to send a full directory... The possibility to...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/02/13 12:0 a.m.28 views

imageVue16.1 upload vulnerability

ImageVue is an online Flash gallery for viewing images. For more information about ImageVue visit http://www.imagevuex.com Credits: me Vulnerable Systems: imageVue16.1 In ImageVue one can upload images to the Gallery. The upload-script however isn't checking credentials nor does it check file...

Exploits0
Cvelist
Cvelist
added 2006/02/07 6:0 p.m.25 views

CVE-2006-0574

Cross-site scripting XSS vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the 1 file extension or 2 mime-type...

5.7AI score0.01976EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2006/01/18 12:0 a.m.35 views

Mozilla Thunderbird < 1.5 Attachment Extension Spoofing

The remote host is using Mozilla Thunderbird, an email client. The remote version of this software does not display attachments correctly in emails. Using an overly-long filename and specially crafted Content-Type headers, an attacker may be able to leverage this issue to spoof the file extension...

5.1CVSS5.7AI score0.02009EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2006/01/02 12:0 a.m.25 views

MyBB < 1.01 function_upload.php SQLi

The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the to the file extension of an uploaded file. A remote, unauthenticated attacker can exploit this issue to manipulate SQL queries, resulting in the...

7.5CVSS5.5AI score0.01369EPSS
Exploits0References3
NVD
NVD
added 2005/12/20 11:3 a.m.19 views

CVE-2005-4426

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could b...

4CVSS5.6AI score0.01101EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/12/20 11:0 a.m.37 views

CVE-2005-4426

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could b...

5.6AI score0.01101EPSS
Exploits0References4
CVE
CVE
added 2005/12/20 11:0 a.m.79 views

CVE-2005-4426

CVE-2005-4426 involves YaBB before 2.1 where an interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF extension, causing the HTML to execute in Internet Explorer (as described for CVE-2005-3312). The issue is tied to YaBB’s ...

4CVSS5.9AI score0.01101EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2005/10/26 10:2 a.m.24 views

CVE-2005-3312

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting XSS attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response...

4.3CVSS5.3AI score0.11886EPSS
Exploits1References5
CVE
CVE
added 2005/10/25 4:0 a.m.35 views

CVE-2004-2530

CVE-2004-2530 affects the Gadu-Gadu client. The issue is a visual truncation vulnerability in file name handling that lets remote attackers spoof the file extension of transmitted files by using a filename with many spaces before the real extension, which is not shown in the dialog. Impact stated...

2.6CVSS6.9AI score0.02037EPSS
Exploits1References5
Rows per page
Query Builder