494 matches found
extropia webstore 1.02.0 - Directory Traversal
extropia webstore 1.02.0 - Directory Traversal source: https://www.securityfocus.com/bid/1774/info Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript. The routine webstore.cgi...
Roxen security alert: Problems with URLs containing null characters.
Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs containing null characters can gain the browser access to information he is not authorized to: Directory listings in directories with index files In normal filesystems: the sourcecode for RXML files, Pike scripts, CGIs etc...
Проблемы в сервере Roxen
Используя нулевой символ 00 можно просматривать листинги директорий, получать содержимое исполняемых файлов и т.д...
CVE-2000-0671
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character %00 to the URL...
Roxen WebServer 2.0.x - %00 Request FileDirectory Disclosure
Roxen WebServer 2.0.x - %00 Request FileDirectory Disclosure source: https://www.securityfocus.com/bid/1510/info If a request containing the null character %00 is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages. For exampl...
Roxen WebServer 2.0.x - '%00' Request File/Directory Disclosure
source: https://www.securityfocus.com/bid/1510/info If a request containing the null character %00 is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages. For example, a request to http://www.server.com/%00 Will return the...
CVE-2000-0014
The CVE-2000-0014 entry describes a denial-of-service in the Savant web server triggered by a crafted URL containing a null character. The impact is a Partial Availability impact with no confidentiality or integrity impact, as per CVSS v2 metrics, and the exploitation could be performed over the ...
CVE-2000-0014
Denial of service in Savant web server via a null character in the requested URL...
CVE-2000-0149
Zeus Web Server (versions 3.1.x–3.3.5) contains an information disclosure flaw where a null byte (%00) at the end of a URL allows remote attackers to view the source code of CGI scripts. Root cause: improper handling of CGI input leading to source disclosure. Impact is information exposure of CGI...
CVE-2000-0149
Zeus web server allows remote attackers to view the source code for CGI programs via a null character %00 at the end of a URL...
CVE-2000-0149
Zeus web server allows remote attackers to view the source code for CGI programs via a null character %00 at the end of a URL...
CVE-2000-0014
Denial of service in Savant web server via a null character in the requested URL...
Michael Lamont Savant Web Server 2.0 - NULL Character Denial of Service
Michael Lamont Savant Web Server 2.0 - NULL Character Denial of Service source: https://www.securityfocus.com/bid/897/info The Savant Webserver cannot properly handle null characters in a GET request. If it encounters one, it will crash. The failure is logged in \Logs\general.txt http ://target/%...
Michael Lamont Savant Web Server 2.0 - NULL Character Denial of Service
source: https://www.securityfocus.com/bid/897/info The Savant Webserver cannot properly handle null characters in a GET request. If it encounters one, it will crash. The failure is logged in \Logs\general.txt http ://target/%00/...