Cross site request forgery (csrf)
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request...
Code injection
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters...
CVE-2006-0949
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters...
CVE-2004-2636
CVE-2004-2636 affects TinyWeb 1.9, where remote attackers can read the source code of scripts by using a URL containing "/./". The NVD entry shows a base score of 5.0 (Medium) with network access and low complexity, and partial confidentiality impact. Connected sources also corroborate the vulner...
CVE-2001-1511
The CVE-2001-1511 issue affects JRun 3.0/3.1 running on JRun Web Server (JWS) and IIS, where remote attackers can read arbitrary JSP source code by requesting a URL containing a source filename ending in jsp%00 or js%2570. This indicates a file-disclosure vulnerability enabling access to server-s...
CVE-2005-2008
CVE-2005-2008 affects Yaws Webserver 1.55 and earlier. A remote attacker can obtain the source code of yaws scripts by requesting a .yaws script with a trailing %00 (null). The root cause is a null-byte handling issue in script requests. Impact is information disclosure of script source; no integr...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null)...
YAWS < 1.56 Script File Source Code Disclosure
CVE-2003-1127
CVE-2003-1127 affects Whale Communications e-Gap 2.5 on Windows 2000. The vulnerability allows remote attackers to obtain the login page source code by using the HTTP TRACE method, bypassing the preprocessor. Documented impact is partial confidentiality loss with no indicated integrity or availab...
CVE-2003-1127
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor...
CVE-2005-0622
RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space...
Blazix Trailing Character JSP Source Disclosure
The remote host is running the Blazix web server, a web server written in Java. The installed version of Blazix discloses the source code of its JSP pages when a page is requested with a plus sign or a backslash appended to its name. An attacker may use this flaw to get the source code of your...
CVE-2005-0286
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file...
CVE-2002-1528
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter...
GoAhead script source leak
It is possible to obtain the content of an .asp or cgi-bin file by adding special characters to the filename...
CVE-2003-1408
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot...
CVE-2003-0424
The CVE-2003-0424 entry affects Apple QuickTime/Darwin Streaming Server prior to 4.1.3f. The vulnerability allows an attacker to disclose script source code by appending encoded characters (%20 space or %2e dot) to an HTTP request for a script (e.g., /view_broadcast.cgi). The issue is a Script So...
Sun ONE Application Server Upper Case Request JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a different case (i.e. filename.JSP instead of filename.jsp). An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant...
Important: Red Hat Security Advisory: tomcat security update for Stronghold
Updated tomcat packages are now available for Stronghold 4.0 to close a second JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code exposure vulnerability...
CVE-2002-0737
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character...