GoAheaad Webserver Source Code Disclosure Vulnerability

No description provided by source. Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability Date: 5-28-10 Author: Sil3ntDre4m Software Link: http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip Version: 2.18 and earlier Tested on: Windows Affects: Windows platform only Code ...

TalentSoft Web+ Client/Monitor/server 4.6 Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1722/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. Web+ can be used to display the source code of WML files residing on an NTFS parition by appending certain data t...

Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...

tgs cms 0.x (xss/sql/fd) Multiple Vulnerabilities

No description provided by source. | | | / | | / | | | \ / | | | / / | |/ \ / / |/ | |/| | | ' \ / | / / | | | | | | | | | | | | | |/ / ||//\||| |||| ||,/| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ TGS CMS Cross Site Scripting,SQL injection,Blind SQL/XPath injection,Source code disclosure, Multiple...

PHP Advanced Transfer Manager <= 1.30 Source Code Disclosure Exploit

No description provided by source. ? / ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+ +:...

bloofox 0.3 (sql/fd) Multiple Vulnerabilities

No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected Exploitation: Remote...

JDownloader Webinterface Source Code Disclosure Vulnerability

No description provided by source. Exploit Title: JDownloader Webinterface Source Code Disclosure Date: 11/24/10 Author: Sil3ntDre4m Software Link: http://jdownloader.org Version: Latest 0.9.850 Tested on: Windows, Linux JDownloader WebInterface is vulnerable to a source code disclosure exploit t...

Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending +.htr to a request for a known .asp or .asa, .ini, etc file. Appending...

Lighttpd < 1.4.23 Source Code Disclosure Vulnerability (BSD/Solaris bug)

No description provided by source. Severe vulnerability due to a bug in FreeBSD, OS X and Solaris 10 filesystems affecting Lighttpd 1.4.23 A bug was discovered in the way FreeBSD, OS X and Solaris prior version 10 handle symlinks appended with a slash /. Accessing a regular file through a symboli...

Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2527/info BEA Systems WebLogic Server is an enterprise level web and wireless application server. Tomcat can be used together with the Apache web server or a stand alone server for Java Servlets and Java Pages. Tomcat shi...

IBM HTTP Server 1.3.x Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' is appended to...

BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1378/info Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet. If an ht...

Douran 3.9.7.8 File Download/Source Code Disclosure Vulnerability

No description provided by source. Title: Douran Portal File Download/Source Code Disclosure Vulnerability Date of Publishing: 16 March 2010 Application Name: Douran Portal Version: 3.9.7.8 Impact: Medium Vendor: www.douran.com Link: http://douran.com/HomePage.aspx?TabID=4862 Vendor Responses: Th...

Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure

No description provided by source. Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://winroute.ru/keriowinroutefirewall.htm Version: prior t...

CVE-2014-2719

AdvancedSystemContent.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code...

Code injection

AdvancedSystemContent.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code...

Yahoo!: readble .htaccess + Source Code Disclosure (+ .SVN repository)

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

[Netsparker v3.2] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting XSS, Remote Code Executi...

[Arachni v0.4.4] The Web Application Security Scanner Framework

Arachni is a Free/Open Source project, the code is released under the Apache License Version 2.0 and you are free to use it as you see fit. Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible...

Resin Application Server 4.0.36 XSS / Source Code Disclosure

Resin Application Server version 4.0.36 suffers from a cross site scripting / source code disclosure vulnerabilities. Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional...