18 matches found
CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
Mono MonoX CMS Code Execution Vulnerability
MonoX CMS is an ASP.NET-based content management system CMS and social networking platform from Mono Croatia. A security vulnerability exists in Mono MonoX CMS 5.1.40.5152 and earlier versions. The vulnerability can be exploited by an attacker to execute arbitrary code by modifying an ASPX templa...
Microsoft IIS 4.0,Microsoft Site Server 3.0 Showcode ASP Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/167/info A sample Active Server Page ASP script installed by default on Microsoft's Internet Information Server IIS 4.0 gives remote users access to view any file on the same volume as the web server that is readable by t...
Cogent DataHub Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPermissions.asp component of the web server. This active server page is vulnerab...
Microsoft Outlook Web Access Cross-Site Scripting (MS05-029; CVE-2005-0563)
Microsoft Outlook Web Access OWA is a component of Microsoft Exchange Server. OWA allows authorized users to send and receive email, manage a calendar, and perform other functions using a web browser. OWA utilizes HTML, CSS and scripting techniques to present the user interface through the web...
Active Server Page Bulletin Board Database Disclosure
======================================================================================== | Title : AspBB - Active Server Page Bulletin Board DB Download Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -0021377181886...
AspBB - Active Server Page Bulletin Board DB Download Vulnerability
Exploit for unknown platform in category web applications =================================================================== AspBB - Active Server Page Bulletin Board DB Download Vulnerability ===================================================================...
AspBB - Active Server Page Bulletin Board DB Download Vulnerability
No description provided by source. ======================================================================================== | Title : AspBB - Active Server Page Bulletin Board DB Download Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum ...
Microsoft IIS Semi-Colon Execution
Microsoft IIS 0Day Vulnerability in Parsing Files semi-colon bug Application: Microsoft Internet Information Services - IIS All versions Impact: Highly Critical for Web Applications Finding Date: April 2007 Report Date: Dec. 2009 Found by: Soroush Dalili Irsdl 4t yahoo d0t com Website:...
CVE-1999-1375
CVE-1999-1375 concerns FileSystemObject (FSO) used by showfile.asp (ASP); remote attackers can read arbitrary files by specifying the file parameter. Affected: showfile.asp with FSO operations. Root cause and full impact are described as arbitrary file reads in the provided documents. No remediat...
CVE-1999-1375
FileSystemObject FSO in the showfile.asp Active Server Page ASP allows remote attackers to read arbitrary files by specifying the name in the file parameter...
activeX.file.system.object.txt
Date: Thu, 11 Feb 1999 17:37:18 -0500 From: Gary Geisbert To: [email protected] Subject: Using FSO in ASP to view just about anything This active server page opens the FileSystemObject and streams the contents of the file specified in the "file" parameter. The problem with FSO is...
Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA
source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...
Microsoft IIS 4.0 Microsoft Site Server 3.0 - Showcode ASP
Microsoft IIS 4.0 Microsoft Site Server 3.0 - Showcode ASP source: https://www.securityfocus.com/bid/167/info A sample Active Server Page ASP script installed by default on Microsoft's Internet Information Server IIS 4.0 gives remote users access to view any file on the same volume as the web...
Microsoft IIS 4.0 / Microsoft Site Server 3.0 - Showcode ASP
source: https://www.securityfocus.com/bid/167/info A sample Active Server Page ASP script installed by default on Microsoft's Internet Information Server IIS 4.0 gives remote users access to view any file on the same volume as the web server that is readable by the web server. IIS 4.0 installs a...
CVE-1999-1375
FileSystemObject FSO in the showfile.asp Active Server Page ASP allows remote attackers to read arbitrary files by specifying the name in the file parameter...
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
source: https://www.securityfocus.com/bid/230/info The File System Object FSO may be called from an Active Server Page ASP to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this synta...
Microsoft IIS 3.04.0 - Using ASP and FSO To Read Server Files
Microsoft IIS 3.04.0 - Using ASP and FSO To Read Server Files source: https://www.securityfocus.com/bid/230/info The File System Object FSO may be called from an Active Server Page ASP to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing...