187 matches found
Webchat 2.0 Module - Full Path Disclosure
source: https://www.securityfocus.com/bid/7774/info Webchat has been reported prone to a path disclosure weakness. Reportedly an attacker may make a malicious HTTP request for several Webchat PHP scripts to trigger the condition. Under some circumstances the request will trigger an exception,...
Re: VP-ASP shopping cart software.
Hi, A small thing the original advisory author has not mentioned is that SQL injection is also possible allowing you to enter the administrative page with actually knowing the used administrator username and password, example: Username: 'or''=' i.e. enter just: 'or''=' Password: 'or''=' i.e. ente...
FastCGI Multiple Sample CGI XSS
Two sample CGI's supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server...
CVE-2001-0917
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension...
CVE-2001-0303
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file...
CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass
More info at https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass...
CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass
More info at https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass...