622 matches found
lyris-listmanager.txt
Title: Lyris ListManager Multiple Flaws Release Date: December 8, 2005 Patch Date: Unknown v8.9b resolves most issues Reported Date: June 21, 2005 Vendor: Lyris Systems Affected: Lyris ListManager v5.0-8.8a most flaws Summary: The Lyris ListManager software is vulnerable to numerous SQL injection...
CVE-2005-4147
The TCLHTTPd component of Lyris ListManager (pre-8.9b) is vulnerable: remote attackers can obtain source code for arbitrary .tml TCL files via a request containing a trailing null byte (%00), with a possible authentication bypass involving a username ending in “@”. Affected product/version: ListM...
CVE-2004-2636
TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL...
[SA17659] Jetty JSP Source Code Disclosure Vulnerability
TITLE: Jetty JSP Source Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA17659 VERIFY ADVISORY: http://secunia.com/advisories/17659/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Jetty 5.x http://secunia.com/product/6169/ DESCRIPTION: A...
WebLogic source code disclosure
There is a bug in the Weblogic web application. Namely, by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. OpenVAS Vulnerability Test $Id: consolehelp.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: WebLogic source code disclosure Authors: John Lampe...
Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail
The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less - . This product is subject to multiple XSS, HTML and SQL injection, and PHP source code disclosure vulnerabilities. OpenVAS Vulnerability Test $Id:...
ASP/PHP '%20' Source Code Disclosure Vulnerability - Active Check
Multiple products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi SPDX-FileCopyrightText: New code / detection methods since 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
MondoSoft MondoSearch < 4.4.5156 'msmmask.exe' Source Disclosure Vulnerability - Active Check
MondoSoft MondoSearch is prone to a source code disclosure vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2005-3293
Xerver 4.17 allows remote attackers to 1 obtain source code of scripts via a request with a trailing "." dot or 2 list directory contents via a trailing null character...
CVE-2005-3293
CVE-2005-3293 affects Xerver before v4.20. Two information-disclosure vectors are described: (1) appending a trailing dot to a script URL to obtain its source code, and (2) sending a request with a trailing null character (%00) to list directory contents. Evidence from NVD/CVE records confirms vu...
[SA17164] Sun Java System Application Server JSP Source Code Disclosure
TITLE: Sun Java System Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA17164 VERIFY ADVISORY: http://secunia.com/advisories/17164/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Sun Java System Application Server Sun ONE 7...
[Full-disclosure] 3 minor vulnerabilities in IPSwitch products
The following 3 minor vulnerabilities were found in the products Whatsup Gold 8.04 and WhatsUp Small Business 2004 Ipswitch Whatsup Gold 8.04 - Access to view source code of all filesCIRT-34-advisory Ipswitch Whatsup Gold 8.04 - Cross Site Scripting CIRT-35-advisory Ipswitch Whatsup small Busines...
Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)
There is a serious vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a processed file, when the files are stored on a FAT partition. ASP source code can contain sensitive information such as username's and passwords for ODBC connections. %NASLMINLEVEL 70300 C...
CVE-2004-2213
CVE-2004-2213 affects the Mbedthis AppWeb HTTP server prior to 1.1.3. An HTTP request containing a trailing dot "." or trailing space can disclose the server-side source code of scripts to a remote attacker. The description indicates the vulnerability path is via crafted requests, enabling partia...
CVE-2004-2213
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a 1 trailing dot "." or 2 trailing space in an HTTP request...
CVE-2002-1986
Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 null...
Yaws 1.5x - Source Code Disclosure
Yaws 1.5x - Source Code Disclosure source: https://www.securityfocus.com/bid/13981/info A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code. Information obtained in this manner may be used by the attacker to launch further attacks against a...
[Full-disclosure] Source Code Disclosure in Yaws Webserver <1.56
SEC-CONSULT Security Advisory 20050616-0 ======================================================================= title: Source Code Disclosure in Yaws Webserver program: Yaws Webserver vulnerable version: 1.55 and earlier homepage: http://yaws.hyber.org found: 2005-06-01 by: M. Eiszner /...
Yaws Web Server .yaws Script Null Byte Request Source Code Disclosure
The remote host is running the Yaws web server. The remote version of this software is vulnerable to a source code disclosure issue. By requesting a '.yaws' script following by %00, an attacker may force the remote server to disclose the source code of that script. Since scripts may contain...