5314 matches found
CVE-2006-0815
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension...
CVE-2006-0815
Summary of CVE-2006-0815: Affects NetworkActiv Web Server 3.5.15. The vulnerability arises from improper validation of filename extensions when a forward slash is included in a URL, enabling a remote attacker to disclose the source code of scripts hosted on the server (information disclosure). I...
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...
CVE-2006-0949
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters...
Code injection
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...
Code injection
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters...
CVE-2006-0814
Lighttpd on Windows (1.4.10 and possibly earlier) is affected by an information disclosure vulnerability where specially crafted requests containing trailing dots or spaces bypass Windows handling and cause disclosure of script/source code. Root cause is improper validation of filename extensions...
CVE-2006-0949
RaidenHTTPD 1.1.47 is vulnerable to information disclosure via crafted requests containing dot, space, and slash characters that allow remote attackers to obtain source code of script files (e.g., PHP). The underlying issue is inadequate validation of URL filename extensions. A fix is to upgrade ...
NZ Ecommerce SQL&XSS vuln.
Vuln. discovered by: r0t Date: 2 March 2006 vendor: www.digitalbuilder.co.nz/ProductCodeNZEcommerce.asp affected version: latest Original advisory: http://pridels.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html 1. XSS Input passed to the "action" parameter in "index.php" isn't properly sanitise...
NetworkActiv Web Server script source code leak
Invalid processing of requests with forward slash character...
NetworkActiv < 3.5.16 Crafted Filename Request Source Code Disclosure
Binary data 3451.prm...
Lighttpd web server source code disclosure
Source code leak on case-insensitive file systems...
[SA19048] LanSuite LanParty Intranet System "fid" SQL Injection
TITLE: LanSuite LanParty Intranet System "fid" SQL Injection SECUNIA ADVISORY ID: SA19048 VERIFY ADVISORY: http://secunia.com/advisories/19048/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: LanSuite LanParty Intranet System 2.x...
[SA18903] iUser Ecommerce common.php File Inclusion Vulnerability
TITLE: iUser Ecommerce common.php File Inclusion Vulnerability SECUNIA ADVISORY ID: SA18903 VERIFY ADVISORY: http://secunia.com/advisories/18903/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: iUser Ecommerce 2.x http://secunia.com/product/8175/ DESCRIPTION: ReZEN ha...
[SA18924] PerlBLOG Multiple Vulnerabilities
TITLE: PerlBLOG Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18924 VERIFY ADVISORY: http://secunia.com/advisories/18924/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: PerlBLOG 1.x http://secunia.com/product/8128/ DESCRIPTION: Aliaksand...
[SA18869] Lighttpd Case-Insensitive Filename Source Code Disclosure
TITLE: Lighttpd Case-Insensitive Filename Source Code Disclosure SECUNIA ADVISORY ID: SA18869 VERIFY ADVISORY: http://secunia.com/advisories/18869/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: lighttpd 1.x http://secunia.com/product/4661/...
[SA18803] DocMGR process.php File Inclusion Vulnerability
TITLE: DocMGR process.php File Inclusion Vulnerability SECUNIA ADVISORY ID: SA18803 VERIFY ADVISORY: http://secunia.com/advisories/18803/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, System access WHERE: From remote SOFTWARE: DocMGR 0.x http://secunia.com/product/8021/...