CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
Date: May 29, 2002. Product: csPassword.cgi. Vendor: WWW.CGIscript.NET, LLC. Homepage: http://www.cgiscript.net/ DISCUSSION:...
CVE-2001-1372
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message...
AOL Instant Messenger exposes local file path during file transfers
Overview: AOL Instant Messenger (AIM) discloses local file paths during transfer. Description: AOL Instant Messenger (AIM) is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...
(Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
ACD Incorporated Security Advisory Project: Comprehensive Web Programming API Synopsis: GetRelativePath in CwpApi.php returns paths outside of the HTTP ServerRoot. Advisory date: January 18, 2002 New version: 1.1.1 1. In Brief: An updated CwpApi release is available which fixes a minor security b...
Real file path in XCache (information leakage)
The HTTP response headers contain the real path to the file...
oracle.9i.path.txt
Product: Oracle 9i Application Server. Description: The Oracle 9i Application Server uses the Apache web server for HTTP service. However, if a request is made for a non-existent .jsp file, the complete path is shown. For instance, if you were to make the following request at a server running...
ACI 4D WebServer Directory traversal.
vendor: http://www.4d.com/ current version: 6.7 tested version: 6.57, others? This directory traversal hole seems to work on ACI 4D webserver running on the NT platform. I would imagine exploitation on a Mac OS box would be similar but would require the proper mac filesystem path to the file yo...
Holes in expert
A buffer overflow and an incorrect file search path allow local root...
webcgi98.txt
The following e-mail was sent to Acadsoft support about a week ago and I have yet to receive a response, so I thought it was time to make it public. As I mentioned in the email, I felt it was important because various universities use this as a registration utility. Hi, I was playing around with your...
RaidenFTPd 2.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2655/info Raiden FTPD is susceptible to directory traversal attacks using multiple dots in submitted commands specifying file paths. If the request is properly composed, RaidenFTPD will serve files outside of the...
CVE-2001-0031
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist...
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11
21/07/2000 (dd/mm/yyyy) [email protected] http://bluepanda.box.sk/ Problem: STAT command divulges...