DansGuardian content filtering proxy fails to adequately validate user input thereby allowing user to access restricted site via hex encoded URLs

Overview DansGuardian does not properly filter Description DansGuardian is an HTTP proxy server based on Squid and enhanced to filter web content. DansGuardian does not properly process URLs that contain certain unspecified hexadecimal encodings, resulting in incomplete filtering of HTTP response...

CVE-2000-1204

CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...

CVE-2001-0590

CVE-2001-0590 affects Apache Tomcat Servlet prior to 3.2.2. A malformed URL request that does not end with a protocol (e.g., HTTP/1.0) can cause a remote attacker to read the source code of arbitrary JSP files, constituting information disclosure. The issue is confirmed in multiple sources tying ...

CVE-2001-0926

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages .jsp and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...

CVE-2001-0778

OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space %20...

CVE-2001-0709

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...

CVE-2001-1140

BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 null byte to the request...

CVE-2001-0446

IBM WCS WebSphere Commerce Suite 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...

WebTrends Enterprise Reporting Server 3.1 c/3.5 - Source Code Disclosure

source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of arbitrary scripts on the WebTrends Live webserver. This is accomplished by...

CVE-2001-0446

IBM WCS WebSphere Commerce Suite 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...

CVE-2001-0399

CVE-2001-0399 affects Caucho Resin 1.3b1 and earlier. A path traversal / information disclosure flaw lets remote attackers read Javabean source by inserting a .jsp before the WEB-INF specifier in an HTTP request. OpenVAS entries corroborate the issue as a remote vulnerability with a 5.0 CVSS base...

CVE-2001-0312

IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing...

CVE-2000-1052

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet...

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...

iis.asp.txt

NtWaK0 Bug / Security / Advisory Saturday, October 21, 2000 IIS 5 and using ..%c0%af../winnt/system32/cmd.exe?/c+type+c: To Read any ASP source Code of the server o Synopsis Based on http://www.wiretrip.net/rfp/p/doc.asp?id=57&iface=2 I done some research and found that that ..%c0%af.. can be use...

CVE-2000-0683

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /.shtml/ into the URL, which invokes the SSIServlet...

CVE-2000-0500

The CVE-2000-0500 entry affects BEA WebLogic 5.1.0; the default configuration allows a remote attacker to view source code by requesting a URL beginning with /file/, causing the default servlet to display the file without processing. The available sources consistently describe this behavior; no e...

CVE-2000-1204

Vulnerability in the modvhostalias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...

CVE-2000-0630

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability...

CVE-2000-0521

Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...