Lucene search
K

3396 matches found

securityvulns
securityvulns
added 2001/03/27 12:0 a.m.37 views

Дырка в BEA Weblogic (directory browsing)

Используя escape-символы 00, 2e, 2f, 5c можно получить содержимое каталога...

1.7AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2001/03/27 12:0 a.m.30 views

Re: def-2001-14: Bea Weblogic Unicode Directory Browsing

It is interesting to note that similar in fact, worse behaviour is exhibited in both Weblogic 4.5.1 and 5.1. Appending a '00' to the end of a .jsp request retrieves the source of the jsp. So far I have been able to demonstrate this on several, but not all of my weblogic farm. Results look somethi...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2001/03/09 5:0 a.m.15 views

CVE-2001-0200

HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled...

6.3AI score0.0602EPSS
Exploits1References2
CVE
CVE
added 2001/03/09 5:0 a.m.38 views

CVE-2001-0200

HSWeb 2.0 HTTP server is affected by a path-disclosure vulnerability: remote attackers can obtain the server’s physical path by requesting the /cgi/ directory if directory browsing is enabled. This results in partial confidentiality impact. The available sources do not provide exploit details, af...

5CVSS6.3AI score0.0602EPSS
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2001/01/23 12:0 a.m.25 views

Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)

=- Note: Be advised that below mentioned DoS can be traced back to TFtpServer. This is a beta-component of the "Internet Component Suite" for Delphi/C++ Builder, availble from http://www.overbyte.be. Other products using this component could be vulnerable, its creator has been notified. -- SNS...

0.1AI score
Exploits0
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.21 views

CVE-2000-0883

The default configuration of modperl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory...

6.7AI score0.09451EPSS
Exploits1References3
CVE
CVE
added 2001/01/22 5:0 a.m.51 views

CVE-2000-0883

The CVE-2000-0883 entry concerns Mandrake Linux mod_perl on Apache where the default mod_perl configuration (Mandrake 6.1–7.1) sets the /perl/ directory to be browseable, allowing remote listing of that directory. The vulnerability arises from an insecure Options directive that permits directory ...

5CVSS6.7AI score0.09451EPSS
Exploits1References3Affected Software1
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.95 views

Broker FTP unauthorized directory browsing and plain text password storing

403-SECURITY advisory Issue: Broker FTP unauthorized directory browsing and plain text password storing Author: Astral [email protected] Discovered: 07.11.2000 Published: 22.11.2000 Version: 4.7.5.0 others are probably vulnerable too Vendor: TransSoft I. Description: Broker FTP is powerful...

Exploits0
NVD
NVD
added 2000/11/14 5:0 a.m.14 views

CVE-2000-0883

The default configuration of modperl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory...

5CVSS6.7AI score0.09451EPSS
Exploits1References3
securityvulns
securityvulns
added 2000/09/03 12:0 a.m.41 views

Multiple QNX Voyager Issues

Tested Versions: QNX Voyager 2.01B Tested Distributions: QNX Demo Disk Modem v405 QNX Demo Disk Network v405 Distributor: QNX Software Systems Limited http://www.qnx.com Distributor Status: No response after 3 weeks Intro: QNX is a whole operating system aimed at the embedded computing market. Th...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2000/07/15 12:0 a.m.249 views

Security Bulletin (MS00-044)

Microsoft Security Bulletin MS00-044 - -------------------------------------- Patch Available for "Absent Directory Browser Argument" Vulnerability Originally Posted: July 14, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities in Microsoftr Internet...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2000/05/29 12:0 a.m.306 views

Microsoft Windows SMB Registry : Winreg Registry Key Detection

The registry key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg is missing. This key allows you to define what can be viewed in the registry by non administrators. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10431; scriptversion"$Revision: 1.31 $";...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2000/01/03 12:0 a.m.426 views

/doc Directory Browsable (deprecated)

The /doc directory is browsable. /doc shows the contents of the /usr/doc directory, which reveals not only which programs are installed but also their versions. This plugin has been deprecated. Webmirror3 plugin ID 10662 will identify a browsable directory. %NASLMINLEVEL 999999 Copyright 2000 by...

6.5AI score0.31408EPSS
Exploits0References2
Exploit DB
Exploit DB
added 1999/11/04 12:0 a.m.27 views

etype eserv 2.50 - Directory Traversal

source: https://www.securityfocus.com/bid/773/info Etype's Eserv product is designed to be a one-source internet connectivity solution, incorporating mail, web, ftp, and proxy servers into one package. The web server will allow remote browsing of the entire filesystem by the usage of ../ strings ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.26 views

netscape.find.txt

Date: Mon, 8 Mar 1999 19:48:05 +0200 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator find vulnerabilities There is a design flaw in Netscape Communicator 4.5 Win95, 4.08 WinNT I guess all 4.x version are vulnerable which allows the following security exploits: Readin...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.39 views

netscape-enterprise-pageservices.txt

Date: Mon, 12 Oct 1998 13:20:11 +0200 From: Jorgen Smith To: [email protected] Subject: PageServices bug in Netscape Enterprise server Hi, Just in case it has not already been reported my guess is that it has, and that a lid is put on this till Netscape works it out, I just receive...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.26 views

alibaba.2.0.txt

Date: Thu, 6 May 1999 23:51:27 +0200 From: Arne Vidstrom To: [email protected] Subject: ".."-hole in Alibaba 2.0 Hi, I've found a security hole in the web server Alibaba 2.0 the latest version. I haven't tried it on any other version. Here's an example: If you install it so the web...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1999/06/28 12:0 a.m.16 views

Microsoft Windows NT 4.0SP 1SP 2SP 3SP 4SP 5 - Null Session Admin Name

Microsoft Windows NT 4.0SP 1SP 2SP 3SP 4SP 5 - Null Session Admin Name source: https://www.securityfocus.com/bid/494/info By establishing a Null session with an NT host, an intruder can gain the name of even a renamed Administrator account. This is because even Null sessions are added to the...

0.5AI score
Exploits0
exploitpack
exploitpack
added 1999/05/13 12:0 a.m.13 views

Apple At Ease 5.0 - Information Disclosure

Apple At Ease 5.0 - Information Disclosure source: https://www.securityfocus.com/bid/531/info At Ease 5.0 will allow a user to access any user's volume on the server through a web browser. The tested configuration is as follows: MacOS 7.6.1 should work with anything greater than 7 At Ease 5.0.2...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 1999/05/13 12:0 a.m.28 views

Apple At Ease 5.0 - Information Disclosure

source: https://www.securityfocus.com/bid/531/info At Ease 5.0 will allow a user to access any user's volume on the server through a web browser. The tested configuration is as follows: MacOS 7.6.1 should work with anything greater than 7 At Ease 5.0.2 AppleShare IP 5.0.3 Netscape 4.0.7 No reason...

7.4AI score
Exploits0
Rows per page
Query Builder