Design/Logic Flaw

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...

CVE-2006-1598

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...

CVE-2006-1598

Summary: CVE-2006-1598 affects AN HTTPD 1.42n and possibly earlier versions (before 1.42p). Vulnerability: Remote attackers can obtain the source code of scripts by sending crafted requests that exploit specific dot and space characters in the file extension. Impact: Information disclosure (confi...

Bugzero XSS vuln.

Bugzero XSS vuln. Vuln. discovered by : r0t unsecured-systems Date: 1 april 2006 vendor:http://www.websina.com/bugzero/ affected versions:V.4.3.1 and also development version. Bugzero contains a flaws that allows a remote cross site scripting attacks. Those flaws exists because input passed to...

[Full-disclosure] ExplorerXP : Directory Traversal and Cross Site Scripting

ExplorerXP : Directory Traversal and Cross Site Scripting Software : ExplorerXP Description : Two vulnerabilities have been discovered in ExploreXP, which can be exploited by malicious people to conduct directory traversal and Cross Site Scripting attacks. Directory Traversal :...

CVE-2006-1483

Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via 1 . dot, 2 space, and 3 slash characters in the extension of a URL...

CVE-2006-1483

Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via 1 . dot, 2 space, and 3 slash characters in the extension of a URL...

[SA19439] Cholod Mysql based message board Script Insertion and SQL Injection

TITLE: Cholod Mysql based message board Script Insertion and SQL Injection SECUNIA ADVISORY ID: SA19439 VERIFY ADVISORY: http://secunia.com/advisories/19439/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Cholod Mysql based message...

classifiedZONE v1.2 XSS vuln.

classifiedZONE v1.2 XSS vuln. Vuln. discovered by : r0t Date: 28 march 2006 vendor:http://www.fusionzone.com/applications/classifieds/ affected versions:v.1.2 and prior Vuln. Description: classifiedZONE contains a flaw that allows a remote cross site scripting attack. This flaw exists because inp...

[SA19341] Blazix Web Server JSP Source Code Disclosure Vulnerability

TITLE: Blazix Web Server JSP Source Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA19341 VERIFY ADVISORY: http://secunia.com/advisories/19341/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Blazix 1.x http://secunia.com/product/8961/...

couponZONE v.4.2 Multiple vuln.

couponZONE v.4.2 Multiple vuln. Vuln. discovered by : r0t Date: 28 march 2006 vendor:http://www.fusionzone.com/applications/coupons affected versions:v.4.2 and prior orginal advisory:http://pridels.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html Vuln. Description: 1. SQL vuln. couponZONE...

Connect Daily Web Calendar Software Multiple XSS vuln.

Connect Daily Web Calendar Software Multiple XSS vuln. Vuln. discovered by : r0t Date: 27 march 2006 vendor:http://www.mhsoftware.com/connectdaily.htm affected versions:3.2.9 and prior orginal advisory:http://pridels.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html Vuln. description:...

[SA19415] Absolute Live Support XE Script Insertion Vulnerability

TITLE: Absolute Live Support XE Script Insertion Vulnerability SECUNIA ADVISORY ID: SA19415 VERIFY ADVISORY: http://secunia.com/advisories/19415/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Absolute Live Support XE 2.x http://secunia.com/product/8929/...

XSS in <= Toast Forums 1.6

XSS in = Toast Forums 1.6 Vuln. discovered by : r0t Date: 25 march 2005 vendor:http://www.toastforums.com/ affected versions: 1.6 and prior orginal advisory: http://pridels.blogspot.com/2006/03/xss-in-toast-forums-16.html Vuln. Description. Toast Forums contains a flaw that allows a remote cross...

CVE-2006-1391

The CVE-2006-1391 entry concerns two web servers: Quick 'n Easy Web Server (before 3.1.1) and Baby ASP Web Server (2.7.2). The issue is that an attacker can remotely obtain the source code of ASP files by crafting URLs where the extension uses a dot/space (e.g., manipulating the URL extension), e...

Absolute FAQ Manager .NET XSS vuln.

Absolute FAQ Manager .NET XSS vuln. Vuln. discovered by : r0t Date: 25 march 2006 vendor: http://www.xigla.com/absolutefmnet/ affected versions: Version 4.0 and prior orginal advisory: http://pridels.blogspot.com/2006/03/absolute-faq-manager-net-xss-vuln.html Vuln. Description: Absolute FAQ Manag...

SweetSuite.NET - ssCMS 2.1.x XSS vuln.

SweetSuite.NET - ssCMS 2.1.x XSS vuln. Vuln. discovered by : r0t Date: 25 march 2006 vendor: www.sweetsuite.net/ssCMSMain.aspx affected versions: 2.1.0 and prior orginal advisory: http://pridels.blogspot.com/2006/03/sweetsuitenet-sscms-21x-xss-vuln.html Vuln. Description: ssCMS contains a flaw th...

CVE-2006-1391

The a Quick 'n Easy Web Server before 3.1.1 and b Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via 1 . dot and 2 space characters in the extension of a URL...

Design/Logic Flaw

Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via 1 . dot and 2 space characters in the extension of a URL...

CVE-2006-0816

Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via 1 . dot and 2 space characters in the extension of a URL...