[Full-disclosure] Source Code Disclosure in Yaws Webserver <1.56

SEC-CONSULT Security Advisory 20050616-0 ======================================================================= title: Source Code Disclosure in Yaws Webserver program: Yaws Webserver vulnerable version: 1.55 and earlier homepage: http://yaws.hyber.org found: 2005-06-01 by: M. Eiszner /...

yawcam025.txt

Donato Ferrante Application: Yawcam http://www.yawcam.com Version: 0.2.5 Bug: directory traversal Date: 21-Apr-2005 Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2. The bu...

PHP-Nuke 7.x - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...

PHP-Nuke 7.x - Multiple Remote File Inclusions

PHP-Nuke 7.x - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issue...

PHP Poll Creator 1.0.1 - Poll_Vote.php Remote File Inclusion

PHP Poll Creator 1.0.1 - PollVote.php Remote File Inclusion source: https://www.securityfocus.com/bid/13760/info PHP Poll Creator is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...

CVE-2005-1661

Affected software: Jeuce Personal Webserver 2.13. Vulnerability: remote attackers can cause a denial-of-service (server crash) via a long GET request, possibly triggering a buffer overflow. This is the root cause described across connected documents. Impact: DoS with server instability; no detail...

CVE-2005-1661

Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service server crash via a long GET request, possibly triggering a buffer overflow...

CVE-2005-1661

Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service server crash via a long GET request, possibly triggering a buffer overflow...

directory traversal in SimpleCam 1.2

Donato Ferrante Application: SimpleCam http://www.deadpirate.com/ Version: 1.2 Bug: directory traversal Date: 04-May-2005 Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2...

I-Mall Commerce - i-mall.cgi Remote Command Execution

I-Mall Commerce - i-mall.cgi Remote Command Execution I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1...

CVE-2005-1416

Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder...

CVE-2005-1416

Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder...

CVE-2005-0574

Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. dot dot sequences in the URL...

CVE-2005-0730

PY Software Active Webcam WebServer webcam.exe 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt...

CVE-2005-0734

PY Software Active Webcam WebServer webcam.exe 5.5 allows remote attackers to cause a denial of service memory exhaustion and process crash via a large number of HTTP requests...

[Full-disclosure] directory traversal in Yawcam 0.2.5

Donato Ferrante Application: Yawcam http://www.yawcam.com Version: 0.2.5 Bug: directory traversal Date: 21-Apr-2005 Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2. The bu...

double094.txt

GulfTech Security Research April 8th, 2005 Vendor : Michael Dean URL : http://dcl.sourceforge.net/ Version : Double Choco Latte 0.9.4 .3 && Earlier Risk : Multiple Vulnerabilities Description: Double Choco Latte is a GNU Enterprise package that provides basic project management capabilities, time...

MCPWS Personal WebServer <= 1.3.21 Denial of Service Exploit

No description provided by source. !/usr/bin/perl MCPWS Personal - Webserver = 1.3.21 DoS Exploit Vendor: http://www.mcpsoftware.de The coder used a unsecure VB-function Open to open requested files and didn't include a working error handling On Error Goto etc. It's possible to exploit this...

MCPWS Personal WebServer 1.3.21 - Denial of Service

MCPWS Personal WebServer 1.3.21 - Denial of Service !/usr/bin/perl MCPWS Personal - Webserver \n"; exit1; system "clear"; $server = $ARGV0; system "clear"; print "- MCPWS Personal-Web Server new Proto = "tcp", PeerAddr = "$server", PeerPort = "80"; unless $socket die "- $server is offline\n" prin...

MCPWS Personal WebServer <= 1.3.21 Denial of Service Exploit

Exploit for unknown platform in category dos / poc ============================================================ MCPWS Personal WebServer \n"; exit1; system "clear"; $server = $ARGV0; system "clear"; print "- MCPWS Personal-Web Server new Proto = "tcp", PeerAddr = "$server", PeerPort = "80"; unles...