CVE-2002-1857
jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...
CVE-2002-1951
Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories...
CVE-2002-1941
Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote attackers to cause a denial of service crash via a long HTTP GET request with the Host header set...
CVE-2002-1941
CVE-2002-1941 affects RadioBird WebServer 4 Everyone 1.28. A crafted long HTTP GET request with the Host header set can trigger a buffer overflow, leading to a denial of service (crash). The vulnerability is remotely exploitable over the network with low access complexity and no authentication; t...
ASPPlayGround.NET 3.2 SR1 - Arbitrary File Upload
ASPPlayGround.NET 3.2 SR1 - Arbitrary File Upload source: https://www.securityfocus.com/bid/14070/info ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. Exploiting this issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly...
ASPPlayGround.NET 3.2 SR1 - Arbitrary File Upload
source: https://www.securityfocus.com/bid/14070/info ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. Exploiting this issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the scripts on the affected server. This issue...
GLSA-200506-21 : Trac: File upload vulnerability
The remote host is affected by the vulnerability described in GLSA-200506-21 Trac: File upload vulnerability Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the 'id' parameter when uploading attachments to the wiki or the bug tracking system. Impact : A remote...
cacti -- multiple vulnerabilities
Stefan Esser reports: Wrongly implemented user input filters lead to multiple SQL Injection vulnerabilities which can lead, for example, to disclosure of the admin password hash. Wrongly implemented user input filters allow injection of user input into executed commandline. Alberto Trivero posted his...
CVE-2002-1780
BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that enables a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. The note indicates that some of these application-level DOS device issues may stem from a Windows bug, and the pro...
CVE-2002-1780
BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service crash by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Window...
phpMyVisites.txt
File: phpMyVisites 1.3 local file retrieval From: remote Date: 26/04/2005 Credits: Max Cerny maxatczernydotcz Vendor: http://www.phpmyvisites.net Affected version: 1.3, not tested...
CVE-2005-2008
CVE-2005-2008 affects Yaws Webserver 1.55 and earlier. A remote attacker can obtain the source code of yaws scripts by requesting a .yaws script with a trailing %00 (null). The root cause is a null-byte handling issue in script requests. Impact is information disclosure of script source; no integr...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaws script with a trailing %00 null...
trac -- file upload/download vulnerability
Stefan Esser reports: Trac's wiki and ticket systems allow attachments to be added to wiki entries and bug tracker tickets. These attachments are stored within directories that are determined by the id of the corresponding ticket or wiki entry. Due to a missing validation of the id parameter it is...
DEBIAN-CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaws script with a trailing %00 null...
JBoss 3.x4.0.2 - HTTP Request Remote Information Disclosure
JBoss 3.x4.0.2 - HTTP Request Remote Information Disclosure source: https://www.securityfocus.com/bid/13985/info JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplie...
Yaws Webserver source code leak
%00 at the end of an executable file allows its content to be seen...