239 matches found
PWebServer 0.3.x - Directory Traversal
source: https://www.securityfocus.com/bid/9817/info It has been reported that PWebServer is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied URI requests. Information acquired by exploiting this issue may be...
FirstClass 7.1 HTTP Server: Remote Directory Listing
FirstClass 7.1 HTTP Server allow the listing of all files under the web root directory and user web directories. This can be achieved by appending "/Search" to the URL. The browser will present a file searching form. If all check boxes search options are selected, and the filename text box is lef...
CVE-2003-0802
Nokia Electronic Documentation NED 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . dot...
minihttp file-sharing for net 1.5 - Directory Traversal
minihttp file-sharing for net 1.5 - Directory Traversal source: https://www.securityfocus.com/bid/8619/info It has been reported that WebForums and File-Sharing for NET are prone to a remote directory traversal attack due to insufficient sanitization of user-supplied data. This vulnerability coul...
ColdFusion MX - Remote Development Service
ColdFusion MX - Remote Development Service !/usr/bin/perl RDScDump.pl By angry packet THIS IS AN UNPATCHED VULNERABILITY - THIS IS AN UNPATCHED VULNERABILITY ColdFusion 6 MX Server does several things in order to get remote dir structure so we will need to recreate these functions. This is a...
SFAD03-001: iWeb Mini Web Server Remote Directory Traversal
================================================================= ...............: S e c u r i t y F r e a k s :............... .................: www.securityfreaks.com :.................. ================================================================= Title : iWeb Mini Web Server Remote...
SFAD03-001.txt
================================================================= ...............: S e c u r i t y F r e a k s :............... .................: www.securityfreaks.com :.................. ================================================================= Title : iWeb Mini Web Server Remote...
BRS Webweaver 1.0 1 - MKDir Directory Traversal
BRS Webweaver 1.0 1 - MKDir Directory Traversal source: https://www.securityfocus.com/bid/6585/info WebWeaver's FTP component has a flaw which can permit a remote user to create directories outside the FTP root. By executing the mkdir command on an ftp server with dot-dot-slash ..\ directory...
Vulnerability in Apache Tomcat v3.23 & v3.24
Procheckup Ltd www.procheckup.com Procheckup Security Bulletin PR02-05 Description: Tomcat source.jsp directory listing and webroot location display Date: 8/1/2002 Application: Apache Tomcat Java server versions 3.23 and 3.24 Platform: Linux/Unix Severity: Remote attackers can obtain listings of...
CVE-2002-0203
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter...
PT-2002-1274 · Oracle · Tarantella Enterprise
Name of the Vulnerable Software and Affected Versions: Tarantella Enterprise versions 3.0x through 3.20 Tarantella Enterprise version 3.11.903 Description: The issue allows remote attackers to view directory contents. This is achieved by providing an empty pg parameter in the ttawebtop.cgi script...
CVE-2001-0933
Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls LIST command that includes the drive letter as an argument, e.g. "ls C:"...
Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing
It is possible to read a '.DSStore' file on the remote web server. This file is created by MacOS X Finder; it is used to remember the icons position on the desktop, among other things, and contains the list of files and directories present in the remote directory. Note that deleted files may stil...
CVE-2001-0255
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name e.g. C: in the requested pathname...
CVE-2001-0925
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / slash characters, which causes the path to be mishandled by 1 modnegotiation, 2 moddir, or 3 modautoindex...
CVE-2000-0951
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning WebDAV search...
CVE-2000-0835
search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter...
CVE-2000-0505
The CVE-2000-0505 entry concerns the Apache HTTP Server on Windows (Win32) in the 1.3.x line. The vulnerability allows remote attackers to list directory contents by issuing a URL containing a large sequence of forward slashes, which triggers directory listing of the web root as configured in htt...
Apache for Windows Multiple Forward Slash Directory Listing
Certain versions of Apache for Win32 have a bug wherein remote users can list directory entries. Specifically, by appending multiple /'s to the HTTP GET command, the remote Apache server will list all files and subdirectories within the web root as defined in httpd.conf. %NASLMINLEVEL 70300 This...