515 matches found
CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access
source: https://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Users with "public" access to the system may be able to view and modify some administration...
HTTP NIDS Evasion
This plugin configures Nessus for NIDS evasion (see the 'Prefs' panel). NIDS evasion options are useful if you want to determine the quality of the expensive NIDS you just bought. HTTP evasion techniques: - HEAD: use HEAD method instead of GET - URL encoding: - Hex: change characters to %XX - MS...
Buffer overflow and directory traversal in the Oracle PL/SQL module
Incorrect URL encoding allows directory traversal; buffer overflow on a long query string to the help system in the Web Service...
CVE-2001-0847
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID...
flickstitan.txt
I originally sent this message to bugtraq, but they did not post it. Instead they stuck it in their vulnerability database and removed all of my comments and example. So much for full disclosure... Flicks Software just released a product named Titan1. It is described as an application firewall...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle URL encoded characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle URL encoded characters contained in a URL. A specially crafted request may bypass authentication and expose the contents of...
CVE-1999-1273
CVE-1999-1273 concerns Squid Internet Object Cache 1.1.20, where an attacker can bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences. The initial data states the vulnerability exists in Squid 1.1.20 and enables ACL evasion, with CVSS v2.0 base metrics reflecti...
CVE-2001-0557
The connected CERT entry details a directory traversal vulnerability in Jana Server versions 1.4x (Windows) where hex-encoded “..” requests are not properly filtered, allowing remote attackers to view any file within the server’s document root with the Jana process privileges. Impact: arbitrary f...
BEA WebLogic may reveal script source code by URL trickery
Meta comment ------------ The reported problem seems to have been fixed in recent versions, without me talking to BEA. This may indicate that other people have reported the problem before me (I was unable to find it on Securityfocus' vulnerability database). It may also mean that the problem is...
Tomcat may reveal script source code by URL trickery
Tomcat may reveal script source code by URL trickery ---------------------------------------------------- Sverre H. Huseby advisory 2001-03-29 Systems affected ---------------- Tomcat 4.0-b1 latest milestone and nightly build as of 2001-03-28 tested. Other versions may be vulnerable too. The probl...
Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure
Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server f...
IE Domain Confusion Vulnerability
IE can be fooled into thinking a web page is in any domain by encoding some characters in the URL and placing the domain you want to spoof at the end of the URL. For example the URL http://www.peacefire.org%2fsecurity%2fiecookies%2fshowcookie.html%3F.amazon.com is in the peacefire.org domain but becau...
oracle.web.listener.txt
Subject: Oracle Web Listener Date: Thu Nov 25 1999 12:45:35 Author: Mnemonix There is a problem (seems to be a bug) with Oracle Web Listener where a resource can be accessed when it shouldn't be able to be accessed: Consider the following setup: Access to http://host/ows-bin/owa/thenormal.app is...
PT-1997-1112 · Microsoft · Iis
Name of the Vulnerable Software and Affected Versions: IIS version 3.0 Description: The issue allows remote intruders to read source code for ASP programs. This is achieved by using a %2e instead of a . (dot) in the URL. Recommendations: For IIS version 3.0, apply the necessary configuration change...