140 matches found
ATPhttpd 0.4 DoS Vulnerability
Type: DoS, crashes Daemon Release Date: December 13, 2001 Product / Vendor: ATPhttpd, the tiny, caching, high performance webserver. ATPhttpd is ideal for serving lots of static content, especially where disk I/O is...
CVE-2001-1191
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service crash via a URL that ends in %2e...
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...
Working Resources BadBlue 1.2.7 - Full Path Disclosure
source: https://www.securityfocus.com/bid/2390/info Requesting a specially crafted URL to a machine running Working Resources BadBlue, will disclose the physical path to the root directory. http://target/ext.dll will result in: Error: opening c:\program files\badblue\pe\default.htx 2...
Way-Board 2.0 - File Disclosure
source: https://www.securityfocus.com/bid/2370/info A remote user could gain read access to known files outside of the root directory where Way-Board resides. Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose...
Martin Hamilton ROADS 2.3 - File Disclosure
source: https://www.securityfocus.com/bid/2371/info A remote user could gain read access to known files outside of the root directory where Martin Hamilton ROADS resides. Requesting a specially crafted URL composed of '%00' sequences along with the known filename will disclose the requested file...
Martin Hamilton ROADS 2.3 - File Disclosure
source: https://www.securityfocus.com/bid/2371/info A remote user could gain read access to known files outside of the root directory where Martin Hamilton ROADS resides. Requesting a specially crafted URL composed of '%00' sequences along with the know...
soft lite serverworx 3.0 - Directory Traversal
source: https://www.securityfocus.com/bid/2346/info It is possible for a remote user to gain read access to directories and files outside the root directory of ServerWorx. Requesting a specially crafted URL composed of '../' or '.../' sequences will...
CVE-2001-0098
WebLogic Server before 5.1.0 is affected by a buffer overflow in URL handling triggered by a long URL starting with "..". The CVE entry (CVE-2001-0098) is supported by OpenVAS references noting that requesting an overly long URL starting with a double dot can crash certain WebLogic versions and m...
PALS Library System WebPALS 1.0 - pals-cgi Traversal Arbitrary File Read
source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges...
PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges...
CVE-2000-1133
CVE-2000-1133 affects Authentix Authentix100; remote attackers can bypass authentication by inserting a dot (.) into the URL for a protected directory. The connected documents do not specify affected versions, platforms, or a remediation. No exploit code or in-the-wild details are provided.
X-Chat 1.2/1.3/1.4/1.5 - Command Execution via URLs
source: https://www.securityfocus.com/bid/1601/info A vulnerability exists in versions 1.4.2 and earlier of the X-Chat IRC client. By supplying commands enclosed in backticks in URLs sent to X-Chat, it is possible to execute arbitrary commands...
AnalogX SimpleServer:WWW 1.0.6 - Directory Traversal
source: https://www.securityfocus.com/bid/1508/info Requesting a specially formed URL containing the encoding %2E from SimpleServer 1.06, and possibly earlier versions, will enable a remote user to gain read access to known files above the SimpleServer directory. http://target/%2E%2E/filename...
AnalogX SimpleServer:WWW 1.0.5 - Denial of Service
source: https://www.securityfocus.com/bid/1349/info If a long URL is sent to port 80 on a SimpleServer WWW 1.05, it could cause the service to stop responding. A restart of the server service is required in order to regain normal functionality. http://target/cgi-bin/longstringhere...
AnalogX SimpleServer:WWW 1.0.5 - Denial of Service
source: https://www.securityfocus.com/bid/1349/info If a long URL is sent to port 80 on a SimpleServer WWW 1.05, it could cause the service to stop responding. A restart of the server service is required in order to regain normal functionality...
CVE-2000-0209
Based on connected data, Lynx 2.x is affected by a buffer overflow triggered by processing an excessively long URL in a malicious page (title indicates Lynx
Microsoft Index Server 2.0 - %20 ASP Source Disclosure
source: https://www.securityfocus.com/bid/1084/info Index Server can be used to cause IIS to display the source of .asp and possibly other server-side processed files. By appending a space %20 to the end of the filename specified in the...
opera.txt
Date: Fri, 14 Aug 1998 09:54:09 +0800 From: "Zac Leow C.H" Subject: URL exploit to crash Opera Browser By putting an extra slash at the end of http:// tag will crash your opera browser. Tested on version 3.21 e.g. http:///opera.nta.no Seems to be safe on Netscape and MSIE, they just generate an...
alibaba.2.0.txt
Date: Thu, 6 May 1999 23:51:27 +0200 From: Arne Vidstrom To: [email protected] Subject: ".."-hole in Alibaba 2.0 Hi, I've found a security hole in the web server Alibaba 2.0 the latest version. I haven't tried it on any other version. Here's an example: If you install it so the web...