
247 matches found

OpenVAS
added 2017/11/24 12:0 a.m. | 64 views

Cohu 3960HD Multiple Vulnerabilities

Cohu 3960HD Series IP cameras are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if description...

CVSS 10 | AI score 8.2 | EPSS 0.02331
Exploits: 0 | References: 1
Hacker One
added 2017/03/27 5:58 a.m. | 18 views

Urban Dictionary: Source Code Disclosure

URL http://www.urbandictionary.com/phpinfo.php Identified Source Code An attacker can obtain server-side source code of the web application, which can contain sensitive data - such as database connection strings, usernames and passwords - along with the technical and business logic of the...

AI score 0.4
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Microsoft IIS 3.0/4.0 Double Byte Code Page Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/477/info This vulnerability could allow a web site viewer to obtain the source code for .asp and similar files if the server's default language Input Locale is set to Chinese, Japanese or Korean. How this works is as...

AI score 7.1
Exploits: 0
seebug.org
added 2013/12/25 12:0 a.m. | 29 views

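Arbitrary code execution vulnerability on some ShopEx servers (can leak user transaction data)

Brief description: Commands can be executed and the source code viewed! Details: PHP CGI vulnerability http://shop322763.p13.shopex.cn/ Proof of vulnerability: http://shop322763.p13.shopex.cn/?-s http://shop319398.p09.shopex.cn/?-s http://shop317459.p21.shopex.cn/?-s I tried executing PHP code; there are open_basedir and disable_functions restrictions, but I can pass arguments to PHP directly via CGI, so these restrictions are naturally no obstacle and I bypassed them. Too many users are affected, so the vendor should check for itself...

AI score 7.1
Exploits: 0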
w3af
added 2013/06/10 11:2 p.m. | 28 views

domain_dot

This plugin finds misconfigurations in the virtual host settings by sending a specially crafted request with a trailing dot in the domain name. For example, if the input for this plugin is http://host.tld/ , the plugin will perform a request to http://host.tld./ . In some misconfigurations, the...

AI score 0.2
Exploits: 0
Tenable Nessus
added 2013/01/25 12:0 a.m. | 41 views

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

CVSS 6.4 | AI score 7.2 | EPSS 0.0562
Exploits: 7 | References: 18
Tenable Nessus
added 2013/01/25 12:0 a.m. | 45 views

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

CVSS 6.4 | AI score 7.2 | EPSS 0.0562
Exploits: 7 | References: 18
Cvelist
added 2011/09/27 7:0 p.m. | 23 views

CVE-2011-3694

The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL...

AI score 6.7 | EPSS 0.01076
Exploits: 0 | References: 1
exploitpack
added 2010/12/25 12:0 a.m. | 9 views

LoveCMS 1.6.2 Final - Multiple Local File Inclusions

LoveCMS 1.6.2 Final - Multiple Local File Inclusions LoveCMS 1.6.2 Final Multiple Local File Inclusion Vulnerabilities found by cOndemned vendor: http://lovecms.org/ download: http://sourceforge.net/project/showfiles.php?groupid=168535 source of /system/admin/modules.php 13. ifisset$GET'install'...

AI score 7.4
Exploits: 0
NVD
added 2009/12/31 7:30 p.m. | 13 views

CVE-2009-4530

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI...

CVSS 5 | AI score 6.8 | EPSS 0.01224
Exploits: 1 | References: 2
NVD
added 2009/12/31 7:30 p.m. | 13 views

CVE-2009-4535

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI...

CVSS 5 | AI score 6.7 | EPSS 0.06677
Exploits: 1 | References: 3
CVE
added 2009/12/31 7:0 p.m. | 48 views

CVE-2009-4529

NaviCOPA Web Server (3.0.1.2 and earlier) is affected by CVE-2009-4529. A trailing encoded space in a request URI (e.g., /index.html%20 or /index.php%20) can disclose the server-side source code of pages/CGIs to a remote attacker. Affected product is NaviCOPA Web Server; root cause is improper ha...

CVSS 5 | AI score 6.7 | EPSS 0.01692
Exploits: 1 | References: 8 | Affected Software: 1
NVD
added 2009/10/05 7:30 p.m. | 20 views

CVE-2009-3544

Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name...

CVSS 5 | AI score 6.6 | EPSS 0.02587
Exploits: 1 | References: 3
CVE
added 2007/03/20 10:0 a.m. | 50 views

CVE-2005-4833

The affected product is IBM WebSphere Application Server 6.0 prior to 20050201, vulnerable when serving pages in an Application WAR or an Extended Document Root. The root cause is lack of URL normalization, allowing remote attackers to access the JSP source code and other sensitive information vi...

CVSS 4.3 | AI score 6.7 | EPSS 0.01279
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2007/01/30 5:28 p.m. | 16 views

CVE-2007-0585

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct...

CVSS 9.3 | AI score 6.8 | EPSS 0.03844
Exploits: 0 | References: 7
CVE
added 2006/08/18 7:55 p.m. | 53 views

CVE-2006-4223

CVE-2006-4223 affects IBM WebSphere Application Server (WAS) before version 6.0.2.13. The issue involves JSP source code exposure via context-dependent paths when ibm-web-ext.xmi sets fileServingEnabled to true or when ExtendedDocumentRoot places a JSP outside a WAR file. This allows an attacker ...

CVSS 5 | AI score 6.1 | EPSS 0.01357
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2006/05/09 10:2 a.m. | 13 views

CVE-2006-2248

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...

CVSS 5 | AI score 6.8 | EPSS 0.01532
Exploits: 0 | References: 6
Cvelist
added 2006/04/03 5:0 p.m. | 33 views

CVE-2006-1598

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension...

AI score 6.8 | EPSS 0.01895
Exploits: 0 | References: 8
Cvelist
added 2006/03/24 11:0 a.m. | 12 views

CVE-2006-0816

Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...

AI score 6.7 | EPSS 0.02573
Exploits: 0 | References: 9
CVE
added 2006/03/24 11:0 a.m. | 48 views

CVE-2006-0816

Orion Application Server before 2.0.7 on Windows is affected by a filename extension validation flaw that allows remote disclosure of JSP source code. An attacker can craft a URL with dot or space characters in the extension to reveal the contents of JSP files. The vulnerability impacts confident...

CVSS 5 | AI score 6.7 | EPSS 0.02573
Exploits: 0 | References: 9 | Affected Software: 1