CVE-2012-1466

The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from...

Microsoft IIS WebDAV Request Source Code Disclosure

The Internet Information Server IIS is a collection of Internet services packaged with several versions of the Windows operating system. IIS includes a Web server service that is capable of serving static, as well as dynamic content. The Web server is equipped with the Active Server Pages ASP...

Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)

The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...

Mozilla Thunderbird Multiple Vulnerability Jun-09 (Windows)

The host is installed with Thunderbird, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbthunderbirdmultvulnjun09win.nasl 4892 2016-12-30 15:39:07Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities Jun-09 Windows Authors: Antu Sanadi Copyright: Copyright c 2009...

CVE-2008-5301

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." dot dot in a script name...

IPSwitch WS_FTP Server Manager / Whats Up unauthorized access

It's possible to access script files with localhostnull account without password. Scripts source code leak...

Mozilla Firefox chrome: URL directory traversal

It's possible to access local script files...

CVE-2007-4913

ipskernel/classupload.php in Invision Power Board IPB or IP.Board 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios unde...

CVE-2007-4913

ipskernel/classupload.php in Invision Power Board IPB or IP.Board 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios unde...

SHTTPD V1.38 server source code disclosure

SHTTPD V1.38 server source code disclosure ------------------------------------ link:http://shttpd.sourceforge.net/ info: The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files...

MyServer-0.8.9 - source code disclosure

The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files. Found By:Shay Priel aka Prili site: http://www.myserverproject.net/ poc: ---- http://localhost/cgi-bin/post.mscgI I -...

HTTP SERVER (httpsv1.6.2) source code disclosure

HTTP SERVER httpsv1.6.2 source code disclosure http://httpsv.sourceforge.net/ The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files. POC: http://127.0.0.1/test.htm20 Bug Found...

Apache Tomcat 5 - Information Disclosure

Apache Tomcat 5 - Information Disclosure source: https://www.securityfocus.com/bid/19106/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to reveal a complete directory listing from...

Hey Hey:a few dangerous files-the vulnerability warning-the black bar safety net

We know. bat is a DOS Batch command file, we can use Notepad to edit and add some commands to run after the system will automatically one by one to execute the command. So some dangerous commands will be some people with ulterior motives written into the batch file to go, online spread sabotage,...

CVE-2006-2309

The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...

CVE-2006-2309

The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...

FreeBSD : coppermine -- Multiple File Extensions Vulnerability (0b628470-e9a6-11da-b9f4-00123ffe8333)

Secunia reports : Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload...

Design/Logic Flaw

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...

CVE-2006-0658

Removed by vendor...

CVE-2006-0658

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the ConfigDeniedExtensionsFile, such as .php.txt...