[Full-disclosure] 3 minor vulnerabilities in IPSwitch products

The following 3 minor vulnerabilities were found in the products Whatsup Gold 8.04 and WhatsUp Small Business 2004 Ipswitch Whatsup Gold 8.04 - Access to view source code of all filesCIRT-34-advisory Ipswitch Whatsup Gold 8.04 - Cross Site Scripting CIRT-35-advisory Ipswitch Whatsup small Busines...

CVE-2005-2849

Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to 1 read portions of source code via the -f option to Dig digdevice.cgi, 2 determine file existence via the -r argument to Tcpdump tcpdumpdevice.cgi or 3 modify files in the...

Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)

There is a serious vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a processed file, when the files are stored on a FAT partition. ASP source code can contain sensitive information such as username's and passwords for ODBC connections. %NASLMINLEVEL 70300 C...

Microsoft IIS 5.1 source code leak

Special WebDAv request to script located at FAT volume allows to retrieve source code...

[Full-disclosure] [ Suresec Advisories ] - Several MacOS X vulnerabilities

Buffer overflow in ping and traceroute. Vulnerability summary: The ping and traceroute programs used in Mac OS X are vulnerable to a buffer overflow when resolving a hostname. In the case of ping a hostname gets copied into a static buffer which is 80 bytes long. For traceroute the hostname gets...

[SA16353] PHPLite Calendar Express Two Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA16224] BMForum Plus! Cross-Site Scripting Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA16202] Asn Guestbook "version" Cross-Site Scripting Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA16115] Hosting Controller Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2004-2213

CVE-2004-2213 affects the Mbedthis AppWeb HTTP server prior to 1.1.3. An HTTP request containing a trailing dot "." or trailing space can disclose the server-side source code of scripts to a remote attacker. The description indicates the vulnerability path is via crafted requests, enabling partia...

CVE-2004-2213

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a 1 trailing dot "." or 2 trailing space in an HTTP request...

[SA15967] Phpauction GPL Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2001-1511

JRun 3.0 and 3.1 running on JRun Web Server JWS and IIS allows remote attackers to read arbitrary JavaServer Pages JSP source code via a request URL containing the source filename ending in 1 "jsp%00" or 2 "js%2570"...

CVE-2001-1511

The CVE-2001-1511 issue affects JRun 3.0/3.1 running on JRun Web Server (JWS) and IIS, where remote attackers can read arbitrary JSP source code by requesting a URL containing a source filename ending in jsp%00 or js%2570. This indicates a file-disclosure vulnerability enabling access to server-s...

[SA16031] iPhotoAlbum File Inclusion Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

FreeBSD : cacti -- multiple vulnerabilities (1cf00643-ed8a-11d9-8310-0001020eed82)

Stefan Esser reports : Wrongly implemented user input filters lead to multiple SQL Injection vulnerabilities which can lead f.e. to disclosure of the admin password hash. Wrongly implemented user input filters allows injection of user input into executed commandline. Alberto Trivero posted his...

[SA16011] PPA "config[ppa_root_path]" File Inclusion Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15873] Pavsta Auto Site "sitepath" File Inclusion Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2002-1986

Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...