333 matches found
CVE-2005-0285
Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs...
GLSA-200408-05 : Opera: Multiple new vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200408-05 Opera: Multiple new vulnerabilities Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the 'location' browser object. An attacker can overwrite methods in this object a...
CVE-2002-1961
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name FQDN that ends in a "." dot...
CVE-2002-1962
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname...
ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not sufficiently check or sanitize input. When the "allowurlfope...
Automatically opening IE + Executing attachments
GreyMagic Security Advisory GM002-IE ===================================== By GreyMagic Software, Israel. 22 Mar 2002. Available in HTML format at http://security.greymagic.com/adv/gm002-ie/ Topic: Automatically opening IE + Executing attachments. Discovery date: 15 Mar 2002. Important note:...
CVE-2001-0537
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL...
carey internets services commerce.cgi 2.0.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2361/info It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory...
Переполнение буфера в BEA Weblogic
Классическое переполнение буфера при обращении к URL начинающимся с двух точек...
Утечка данных из RealServer
При обращении по URL вида http://targetserver/admin/includes/ сервер выдает данные из оперативной памяти, которые могут содержать важную информацию...
CVE-2000-0759
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path...
CVE-2000-0652
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string...
CVE-2000-0050
The Allaire Spectra Webtop contains an access-control flaw: authenticated users can reach other Webtop sections by directly specifying explicit URLs. This implies horizontal privilege escalation via URL manipulation. The issue is described in CVE-2000-0050 with a CVSS v2 base score of 4.6 (Medium...