Blazix 1.2 jsp view and free protected folder access

Auriemma Luigi, PivX security advisory Application: Blazix http://www.blazix.com Version: 1.2 and previous Bug: Bad management of files requested with at the end some "bad" characters Risk low: An attacker can view jsp and other server side scripts with the ability to access any password protecte...

Blazix 1.2 - Password Protected Directory Information Disclosure

source: https://www.securityfocus.com/bid/5567/info Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems. Blazix does not properly handle some special characters when appended to requests. By passing a special...

CVE-2002-0304

Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request...

Password protection bypass in Intel D845 motherboards

Password is not required to select boot device...

LocalWEB2000 2.1.0 Standard - File Disclosure

LocalWEB2000 2.1.0 Standard - File Disclosure source: https://www.securityfocus.com/bid/4820/info A vulnerability exists in LocalWEB2000 related to content password protection. It is possible to have LocalWEB2000 treat files as unprotected by requesting them as files within the '.' current...

LocalWEB2000 2.1.0 Standard - File Disclosure

source: https://www.securityfocus.com/bid/4820/info A vulnerability exists in LocalWEB2000 related to content password protection. It is possible to have LocalWEB2000 treat files as unprotected by requesting them as files within the '.' current directory. If the file http://server/file.txt is set...

CVE-2002-0304

Lil HTTP Server 2.1 is affected by a path traversal vulnerability that lets remote attackers read password-protected files by including a /./ sequence in the HTTP request. The available documents confirm the affected product and the vulnerable behavior but do not provide details on attacker explo...

CVE-2002-0304

Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request...

CVE-2002-0100

AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file...

CVE-2002-0100

AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file...

CVE-2002-0112

The CVE-2002-0112 entry affects Etype Eserv 2.97 . Affected component: password-protected file disclosure via a crafted URL containing /./ , enabling remote attackers over the network to view protected files. The available data confirms the vulnerability and impact (partial confidentiality) but p...

CVE-2001-0757

Cisco 6400 NRP2 (Access Concentrator Node Route Processor 2) is affected on IOS releases earlier than 12.1(05)DC01. The module lets Telnet access occur when no vty password is set, enabling a remote attacker to gain unauthorized access and potentially modify device configuration or affect traffic...

Обход защиты в Falcon (protection bypass)

Можно получить доступ к каталогу закрытому паролем если доавить дополнительный слэш...

lotus.domino.bypass.txt

--------------------------------------------------------------------------- Web: http://qb0x.net Author: Gabriel A. Maggiotti Date: Febrary 03, 2002 E-mail: [email protected] --------------------------------------------------------------------------- General Info ------------ Problem Type :...

EServ 2.9x - Password-Protected File Access

source: https://www.securityfocus.com/bid/3838/info EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems. It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the webserver, suc...

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set

Overview The Cisco 6400 Access Concentrator Node Route Processor 2 NRP2 module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. It's purpose is to aggregate and terminate incoming...

Alcatel ADSL Modem Unrestricted Remote Access

On the Alcatel Speed Touch Pro ADSL modem, a protection mechanism feature is available to ensure that nobody can gain remote access to the modem via the WAN/DSL interface. This mechanism guarantees that nobody from outside your network can access the modem's management interface and potentially...

CVE-1999-1077

Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock...

CVE-1999-1454

Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC Escape key...

CVE-1999-1430

The CVE-1999-1430 entry concerns PIM software for Royal daVinci that fails to properly password-protect data stored in a Microsoft Access .mdb file, allowing local users to read data by opening the files with another application (e.g., Access). Affected: PIM software for Royal daVinci; Vulnerable...