4676 matches found
CVE-2001-0634
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service...
CVE-2001-0634
Sun Chili!Soft ASP has weak permissions on various configuration files, enabling a local attacker to gain additional privileges and cause a denial of service. Affected product: Sun Chili!Soft ASP. Root cause: insecure/weak permissions on configuration files. CVSS v2 base score 7.2 (HIGH) with loc...
Snitz Forums 2000 3.03.13.3 - Image Tag Cross-Agent Scripting
Snitz Forums 2000 3.03.13.3 - Image Tag Cross-Agent Scripting source: https://www.securityfocus.com/bid/4192/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz Forums 2000 allows users to include images in forum messages using image tags,...
CVE-2002-1603
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, , %2f encoded /, %20 encoded space, or %00 encoded null character, which returns the ASP source code unparsed...
Microsoft IIS ASP Redirection Function XSS
The remote host contains an ASP.NET installation that is affected by a cross-site scripting vulnerability. An attacker can exploit this issue to execute arbitrary HTML or script code in a user's browser within the security context of the affected site. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2001-0972
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie UserID 1, i.e. "0888888."...
CVE-2001-0972
The CVE-2001-0972 entry concerns Surf-Net ASP Forum prior to version 2.30, where admin cookies are derived from the UserID and are easily guessable (example: admin cookie for UserID 1 is “0888888”). This creates a remote‑attack risk: a attacker could calculate the admin cookie and gain administra...
Microsoft Site Server 3.0 - Cross-Site Scripting
Microsoft Site Server 3.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/3999/info Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commer...
Microsoft Site Server 3.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/3999/info Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well...
Обратный путь в директориях aspapload (directory traversal)
Обратный путь в директориях в демонстрационных ASP-скриптах...
Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions
source: https://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on an website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmless file type file in the Download...
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...
CVE-1999-0154
The vulnerability affects IIS versions 2.0–3.0, where a request ending with a period (dot) can cause the server to reveal ASP page source to an attacker. This is a remote read of source code resulting from the URL handling behavior in IIS 2.0/3.0. Practical impact: exposure of ASP source. The PT-...
CVE-1999-1017
CVE-1999-1017 concerns Seattle Labs Emurl 2.0 (and possibly earlier versions), where e-mail attachments are stored in a directory with scripting enabled. This configuration allows a malicious ASP file attachment to execute when the recipient opens the message. The connected documents reproduce th...
CVE-1999-0154
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL...
CVE-2001-0972
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie UserID 1, i.e. "0888888."...
CVE-2001-0709
Vulnerability summary (CVE-2001-0709): Microsoft IIS 4.0 and earlier, when installed on a FAT partition, is susceptible to remote disclosure of ASP source code. An attacker can obtain the source by requesting a URL encoded with Unicode. The description in the provided documents confirms the expos...
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...
CVE-2001-0633
Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' dot dot attack in the sample script 'codebrws.asp'...
CVE-2001-0634
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service...