522 matches found
IISProtect 2.12.2 - Authentication Bypass
source: https://www.securityfocus.com/bid/7661/info http://www.example.com/%70rotected/secret.html http://www.example.com/protected%2fsecret.html...
Opera 7 - Image Rendering HTML Injection
source: https://www.securityfocus.com/bid/6756/info It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files. As a result of this lack of sanitization Opera is vulnerable to HTM...
CVE-2002-2145
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename...
CVE-2002-0922
CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb...
OmniHTTPd 1.1/2.0.x/2.4 - Sample Application URL Encoded Newline HTML Injection
source: https://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. An HTML injection vulnerability has been reported in the '/cgi-bin/redir.exe' sample CGI included with...
CVE-2002-0809
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the...
CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access
source: https://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Users with "public" access to the system may be able to view and modify some administration...
HTTP NIDS Evasion
This plugin configures Nessus for NIDS evasion (see the 'Prefs' panel). NIDS evasion options are useful if you want to determine the quality of the expensive NIDS you just bought. HTTP evasion techniques: - HEAD: use HEAD method instead of GET - URL encoding: - Hex: change characters to %XX - MS...
Buffer overflow and directory traversal in the Oracle PL/SQL module (buffer overflow, directory traversal)
Incorrect URL encoding allows directory traversal; a long query string to the help system in the Web Service causes a buffer overflow...
CVE-2001-0847
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID...
flickstitan.txt
I originally sent this message to bugtraq, but they did not post it. Instead they stuck it in their vulnerability database and removed all of my comments and example. So much for full disclosure... Flicks Software just released a product named Titan1. It is described as an application firewall...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle URL encoded characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle URL encoded characters contained in a URL. A specially crafted request may bypass authentication and expose the contents of...
CVE-1999-1273
CVE-1999-1273 concerns Squid Internet Object Cache 1.1.20, where an attacker can bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences. The initial data states the vulnerability exists in Squid 1.1.20 and enables ACL evasion, with CVSS v2.0 base metrics reflecti...
CVE-2001-0557
The connected CERT entry details a directory traversal vulnerability in Jana Server versions 1.4x (Windows) where hex-encoded “..” requests are not properly filtered, allowing remote attackers to view any file within the server’s document root with the Jana process privileges. Impact: arbitrary f...
BEA WebLogic may reveal script source code by URL trickery
Meta comment: The reported problem seems to have been fixed in recent versions, without me talking to BEA. This may indicate that other people have reported the problem before me (I was unable to find it on Securityfocus' vulnerability database). It may also mean that the problem is...
Tomcat may reveal script source code by URL trickery
Sverre H. Huseby advisory 2001-03-29. Systems affected: Tomcat 4.0-b1 (latest milestone) and nightly build as of 2001-03-28 tested. Other versions may be vulnerable too. The probl...
Tomcat 3.2.14.0 Weblogic Server 5.1 - URL JSP Request Source Code Disclosure
source: https://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server f...
IE Domain Confusion Vulnerability
IE can be fooled into thinking a web page is in any domain by encoding some characters in the URL and placing the domain you want to spoof at the end of the URL. For example, the URL http://www.peacefire.org%2fsecurity%2fiecookies%2fshowcookie.html%3F.amazon.com is in the peacefire.org domain but becau...