Lucene search

903 matches found

CVE
added 2005/05/10 4:0 a.m., 44 views

CVE-2004-1991

CVE-2004-1991 affects Aldo’s Web Server (aweb) 1.5. The vulnerability is a directory traversal in an HTTP GET request that allows an attacker to view arbitrary files by supplying an improper path using .. (dot dot). The NVD metrics indicate a NETWORK attack vector with low complexity and no authen...

CVSS 5, AI score 7.1, EPSS 0.02934
Exploits 1, References 6, Affected Software 1

Cvelist
added 2005/05/10 4:0 a.m., 15 views

CVE-2004-1973

DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters...

AI score 6.6, EPSS 0.0384
Exploits 1, References 8

Cvelist
added 2005/05/10 4:0 a.m., 17 views

CVE-2004-1991

Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request...

AI score 6.7, EPSS 0.02934
Exploits 1, References 6

Cvelist
added 2005/05/10 4:0 a.m., 20 views

CVE-2004-2033

Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request...

AI score 6.6, EPSS 0.0395
Exploits 1, References 6

Cvelist
added 2005/05/10 4:0 a.m., 10 views

CVE-2004-1784

Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request...

AI score 7.9, EPSS 0.06548
Exploits 1, References 7

exploitpack
added 2005/05/04 12:0 a.m., 12 views

Ashleys Web Server - Denial of Service

Ashleys Web Server - Denial of Service include include include pragma commentlib, "ws232.lib" char doscore = "GET HTTP/1.0 " "\x3f\x3f\x3f\x3f\x3f\x2e\x48\x54\x4d\x4c\x3f\x74\x65\x73\x74\x76" "\x61\x72\x69\x61\x62\x6c\x65\x3d\x26\x6e\x65\x78\x74\x74\x65\x73"...

AI score 0.2
Exploits 0

CVE
added 2005/04/26 4:0 a.m., 59 views

CVE-2005-0684

CVE-2005-0684 affects the MySQL MaxDB Webtool/WebTools in MaxDB before version 7.5.00.26. The vulnerability is a stack buffer overflow caused by improper handling of long HTTP GET requests containing a percent sign or long Lock-Token strings in WebDAV handling (WDVHandler_CommonUtils.c), allowing...

CVSS 10, AI score 7.6, EPSS 0.68504
Exploits 7, References 4, Affected Software 1

CVE
added 2005/04/21 4:0 a.m., 51 views

CVE-2000-1223

CVE-2000-1223 affects Quikstore Shopping Cart: quikstore.cgi is vulnerable to remote command execution via shell metacharacters in the URL portion of an HTTP GET request. The issue enables arbitrary commands to be executed on the server. Connected sources (Red Hat advisory, CVE records, and NVD) ...

CVSS 7.5, AI score 8.1, EPSS 0.02027
Exploits 0, References 1, Affected Software 1

CVE
added 2005/04/21 4:0 a.m., 49 views

CVE-2001-1465

CVE-2001-1465 affects SurfControl SuperScout. The issue is in the packet-filtering logic that only filters packets containing both an HTTP GET request and a Host header; an attacker can bypass filtering by fragmenting traffic so that no single packet contains both elements. This is a local-access...

CVSS 4.6, AI score 6.7, EPSS 0.00337
Exploits 0, References 2, Affected Software 1

Packet Storm
added 2005/04/17 12:0 a.m., 34 views

sonicwallXSS.txt

SonicWALL SOHO/10 - XSS and Code Injection vulnerability. Product: SonicWall SOHO/10 is the 2nd generation Internet Security Appliance from Sonicwall, with firewall-, vpn-, contentfiltering- and other capabilities. Vulnerability:...

AI score 7.4
Exploits 0

Cvelist
added 2005/04/16 4:0 a.m., 18 views

CVE-2005-1122

Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error")...

AI score 7.7, EPSS 0.02688
Exploits 0, References 4

exploitpack
added 2005/04/05 12:0 a.m., 15 views

Logics Software LOG-FT - Arbitrary File Disclosure

Logics Software LOG-FT - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/12998/info LOG-FT is reported prone to an arbitrary file disclosure vulnerability. This issue results from an access validation error and can allow a remote attacker to disclose sensitive data. It is...

AI score 7.4
Exploits 0

Exploit DB
added 2005/04/05 12:0 a.m., 26 views

profitcode software payprocart 3.0 - Directory Traversal

source: https://www.securityfocus.com/bid/13006/info ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks. It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences...

AI score 7.4
Exploits 0

Exploit DB
added 2005/04/05 12:0 a.m., 22 views

Logics Software LOG-FT - Arbitrary File Disclosure

source: https://www.securityfocus.com/bid/12998/info LOG-FT is reported prone to an arbitrary file disclosure vulnerability. This issue results from an access validation error and can allow a remote attacker to disclose sensitive data. It is reported that an attacker can simply issue a specially...

AI score 7.4
Exploits 0

Exploit DB
added 2005/03/08 12:0 a.m., 22 views

Newsscript - Access Validation

source: https://www.securityfocus.com/bid/12761/info NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages. It is reported that an attacker can exploit this issue by issuing a specially crafted HTTP GET...

AI score 7.4
Exploits 0

exploitpack
added 2005/03/08 12:0 a.m., 11 views

Newsscript - Access Validation

Newsscript - Access Validation source: https://www.securityfocus.com/bid/12761/info NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages. It is reported that an attacker can exploit this issue by issui...

AI score 0.2
Exploits 0

Exploit DB
added 2005/03/03 12:0 a.m., 20 views

Computalynx CProxy 3.3/3.4.x - Directory Traversal

source: https://www.securityfocus.com/bid/12722/info CProxy is reported prone to a remote directory traversal vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remote user may exploit this issue to disclose arbitrary files and carry out a denial of service...

AI score 7.4
Exploits 0

CVE
added 2005/03/02 5:0 a.m., 49 views

CVE-2005-0622

RaidenHTTPD 1.1.32 (and possibly earlier than 1.1.34) is affected by CVE-2005-0622. The issue allows remote attackers to view the PHP source code by issuing an HTTP GET for a filename that ends with a trailing dot or a trailing space. The vulnerability impacts confidentiality (partial) and is exp...

CVSS 5, AI score 7.4, EPSS 0.01548
Exploits 1, References 3, Affected Software 1

Cvelist
added 2005/03/02 5:0 a.m., 21 views

CVE-2005-0622

RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space...

AI score 7, EPSS 0.01548
Exploits 1, References 3

Cvelist
added 2005/02/27 5:0 a.m., 20 views

CVE-2005-0575

Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request...

AI score 8, EPSS 0.07836
Exploits 1, References 5