
230 matches found

Symantec
added 2009/10/13 12:0 a.m. | 19 views

Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability

Description: Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library within the .NET framework fails to properly handle certain API calls. Successful exploits can allow an attacker to execute arbitrary code with the privileges of the currently...

Exploits: 0 | Affected Software: 26
CVE
added 2009/07/02 10:0 a.m. | 37 views

CVE-2009-2301

The CVE-2009-2301 entry concerns the Radware AppWall Web Application Firewall (WAF) version 1.0.2.6 with Gateway 4.6.0.2. The vulnerability allows remote attackers to read source code by directly requesting one of three files (Management/.)(funcs.inc, defines.inc, msg.inc). The underlying issue i...

7.8 CVSS | 6.9 AI score | 0.00256 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
OpenVAS
added 2009/02/27 12:0 a.m. | 44 views

CentOS Update for kernel CESA-2008:0211 centos3 i386

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

7.5 CVSS | 0.7 AI score | 0.04362 EPSS
Exploits: 7 | References: 2
NVD
added 2008/11/17 6:18 p.m. | 16 views

CVE-2008-5100

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code...

10 CVSS | 6.5 AI score | 0.2776 EPSS
Exploits: 1 | References: 4
CVE
added 2008/11/17 6:0 p.m. | 120 views

CVE-2008-5100

CVE-2008-5100 concerns the strong name (SN) implementation in Microsoft .NET Framework 2.0.50727. The description in multiple connected sources states that SN validation relies on the Public Key Token embedded in the DLL’s pathname rather than the file’s own digital signature. This design flaw c...

10 CVSS | 6.6 AI score | 0.2776 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Exploit DB
added 2008/01/02 12:0 a.m. | 27 views

MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure

source: https://www.securityfocus.com/bid/27096/info MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable syst...

7.4 AI score
Exploits: 0
securityvulns
added 2007/12/09 12:0 a.m. | 22 views

Simple HTTPD multiple security vulnerabilities

Directory traversal, script source code access...

1.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2007/01/30 5:0 p.m. | 2 views

EUVD-2007-0583

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct...

9.3 CVSS | 6.7 AI score | 0.1119 EPSS
Exploits: 0 | References: 8
OSV
added 2006/12/21 7:28 p.m. | 5 views

CVE-2006-6104

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20...

6.7 AI score
Exploits: 0 | References: 26
securityvulns
added 2006/12/18 12:0 a.m. | 40 views

Multiple IBM Websphere security vulnerabilities

JSP pages source code access...

2 AI score
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2006/04/14 11:0 p.m. | 42 views

CVE-2006-1791

CVE-2006-1791 affects QuickBlogger 1.4 through the file acc.php, enabling a directory traversal that lets an attacker read or include arbitrary local files via the request parameter; note that an include failure can yield XSS. The connected documents confirm the affected product and vulnerabili...

7.5 CVSS | 6 AI score | 0.00592 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2005/11/22 11:0 a.m. | 15 views

CVE-2005-3747

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash "%5C" characters. NOTE: this might be the same issue as CVE-2006-2758...

6.6 AI score | 0.19411 EPSS
Exploits: 0 | References: 6
Cvelist
added 2005/02/10 5:0 a.m. | 15 views

CVE-2005-0310

Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) filemodules.php, which reveals the path in an error message because the pathoscoreversion variable is undefine...

6.2 AI score | 0.00262 EPSS
Exploits: 0 | References: 2
CERT
added 2004/10/12 12:0 a.m. | 14 views

Macromedia JRun Server contains an information disclosure vulnerability

Overview: An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description: Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...

7 AI score
Exploits: 0 | References: 3
Cvelist
added 2004/09/01 4:0 a.m. | 19 views

CVE-2002-1394

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

6.5 AI score | 0.05353 EPSS
Exploits: 0 | References: 11
Cvelist
added 2004/09/01 4:0 a.m. | 18 views

CVE-2002-1148

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

6.4 AI score | 0.67271 EPSS
Exploits: 1 | References: 10
securityvulns
added 2004/02/09 12:0 a.m. | 37 views

Dotnetnuke Multiple Vulnerabilities

DOTNETNUKE MULTIPLE VULNERABILITIES. Online URL: http://ferruh.mavituna.com/?429 1 Source Code & File Access; Severity: Highly...

6.3 AI score
Exploits: 0
Cvelist
added 2003/07/25 4:0 a.m. | 20 views

CVE-2003-0423

parsexml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter...

6.3 AI score | 0.00587 EPSS
Exploits: 1 | References: 2
Exploit DB
added 2003/05/12 12:0 a.m. | 23 views

PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection

source: https://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitatio...

7.4 AI score
Exploits: 0
NVD
added 2003/04/02 5:0 a.m. | 10 views

CVE-2002-1528

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter...

5 CVSS | 6.8 AI score | 0.00718 EPSS
Exploits: 1 | References: 3