622 matches found
CVE-2006-2437
The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter...
CVE-2006-2357
CVE-2006-2357 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp, leading to partial confidentiality impact. The NVD entry lists a Netw...
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues, including source code disclosure and cross-site scripting...
CVE-2006-2248
CVE-2006-2248 affects Xeneo Web Server 2.2.22.0. The issue allows remote attackers to obtain the source code of script files by sending crafted requests that include dot, space, and slash characters in the file extension. This is a direct information disclosure vulnerability affecting the server’...
osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability
No description provided by source. osCommerce <= 2.2 "extras/" information/source code disclosure. Software site: http://www.oscommerce.com/ If extras/ folder is placed inside the www path, you can see all files on target system, including php source code with database details, po...
osCommerce 2.2 - 'extras' Source Code Disclosure
---- osCommerce \n"; print nl2brhtmlentitiesimplode$readme, ' '; print "Continue\n"; print "\n"; exit; ... google search: inurl:"extras/update.php" intext:mysql.php -display -------------------------------------------------------------------------------- rgod site: http://retrogod.altervista.org...
CVE-2006-1598
Summary: CVE-2006-1598 affects AN HTTPD 1.42n and possibly earlier versions (before 1.42p). Vulnerability: Remote attackers can obtain the source code of scripts by sending crafted requests that exploit specific dot and space characters in the file extension. Impact: Information disclosure (confi...
CVE-2006-1483
Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL...
Secunia Research: Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability
Secunia Research 24/03/2006 - Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability - Table of Contents Affected...
Design/Logic Flaw
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...
[SA19306] Quick 'n Easy Web Server ASP Code Disclosure Vulnerability
TITLE: Quick 'n Easy Web Server ASP Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA19306 VERIFY ADVISORY: http://secunia.com/advisories/19306/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Quick and Easy Web Server 3.x...
Orion < 2.0.7 Crafted Filename Extension Source Code Disclosure
Binary data 3486.prm...
CVE-2006-0819
CVE-2006-0819 affects Dwarf HTTP Server 1.3.2. A validation error in the requested URL filename extension (dot/space/slash/NULL characters) allows remote disclosure of JSP source. Secunia also notes unsanitized error responses enabling XSS. Mitigation: update to version 1.3.3.
Multiple Dwarf HTTP Server vulnerabilities
Cross-site scripting, script source code disclosure...
CVE-2006-0815
Summary of CVE-2006-0815: Affects NetworkActiv Web Server 3.5.15. The vulnerability arises from improper validation of filename extensions when a forward slash is included in a URL, enabling a remote attacker to disclose the source code of scripts hosted on the server (information disclosure). I...
CVE-2006-0949
RaidenHTTPD 1.1.47 is vulnerable to information disclosure via crafted requests containing dot, space, and slash characters that allow remote attackers to obtain source code of script files (e.g., PHP). The underlying issue is inadequate validation of URL filename extensions. A fix is to upgrade ...
CVE-2005-4550
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a dfnextpage parameter with a trailing null byte (%00)...
Oracle Application Server Discussion Forum Portlet - Multiple Vulnerabilities
Oracle Application Server Discussion Forum Portlet - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The...
Oracle Application Server Discussion Forum Portlet - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The application is prone to a cross-site scripting vulnerability. Discussion Forum Portle...
CVE-2005-4473
Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."...