ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability

No description provided by source. ToXiC BuG FounD by Drago84 Application Affect:ZoomStats Source Code: http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?usemirror=kent Problem: $GLOBALS'lib''db''path' array not declare Solution : $GLOBALS'lib''db''path' Page Vulnerable : mysql.ph...

Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA to an asp being requested, the ASP source will be returne...

Microsoft IIS 3.0/4.0 Double Byte Code Page Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/477/info This vulnerability could allow a web site viewer to obtain the source code for .asp and similar files if the server's default language Input Locale is set to Chinese, Japanese or Korean. How this works is as...

MODx 0.9.6.1 'htcmime.php' Source Code Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27096/info MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...

NaviCOPA <= 3.0.1.2 Source Disclosure

No description provided by source. NaviCOPA Web Server = 3.0.1.2 Remote Source Disclosure Found By: DrIDE Tested On: Windows XPSP3 Download: www.navicopa.com/download.html - Description - NaviCOPA Web Server = 3.0.1.2 is a Windows based HTTP server. This is the latest version of the application...

Michael Lamont Savant WebServer 2.1 CGI Source Code Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a GET request for a CGI script to the Savant Web Server discloses the source code of the script. telnet target 80 GET /cgi-bin/script.xyz HTTP/1.0 proper script execution/output GE...

Whale Communications e-Gap Security Appliance 2.5 Login Page Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of th...

Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)

No description provided by source. Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symboli...

oracle application server discussion forum portlet Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The application is prone to a cross-site scripting...

Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat shi...

Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability

No description provided by source. Title : Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory : http://secpod.org/blog/?p=481...

IPN Development Handler 2.0 - Multiple Vulnerabilities

No description provided by source. IPN Development Handler v2.0 CSRF Change Admin Account ============================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://scripts.filehungry.com/product/php/e-commerce/paypal/ipndevelopmenthandler/ ===...

SPChat 0.8 Module Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7780/info SPChat has been reported prone to a remote file include vulnerability. The issue presents itself due to insufficient sanitization performed on the user-supplied URI variable 'statussess' by the SPChat module. It...

Juergen Weigert screen 3.9 User Supplied Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to alter the contents of the...

PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion...

XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...

Ipswitch WhatsUp Professional 2006 0 NmConsole/ToolResults.asp sHostname Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation...

JDownloader Webinterface Source Code Disclosure Vulnerability

No description provided by source. Exploit Title: JDownloader Webinterface Source Code Disclosure Date: 11/24/10 Author: Sil3ntDre4m Software Link: http://jdownloader.org Version: Latest 0.9.850 Tested on: Windows, Linux JDownloader WebInterface is vulnerable to a source code disclosure exploit t...

Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending +.htr to a request for a known .asp or .asa, .ini, etc file. Appending...

bloofox 0.3 (sql/fd) Multiple Vulnerabilities

No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected Exploitation: Remote...