622 matches found
Yaws 1.5x - Source Code Disclosure
source: https://www.securityfocus.com/bid/13981/info A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code. Information obtained in this manner may be used by the attacker to launch further attacks against a vulnerable system. Yaws 1.55 and prior...
CVE-2005-1366
Pico Server (pServ) up to version 3.2 is affected by an information-disclosure flaw that lets remote attackers obtain the source code of CGI scripts. The vulnerability arises from a flawed CGI-bin path check: requesting URLs like somedir/../cgi-bin can cause the server to return the CGI source in...
PServ 3.2 - Source Code Disclosure
PServ 3.2 - Source Code Disclosure source: https://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory. Information...
PServ 3.2 - Source Code Disclosure
source: https://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory. Information gathered through this attack could b...
CVE-2005-1112
The vulnerability CVE-2005-1112 affects IBM WebSphere Application Server 6.0 and earlier when the web server shares its document root. An HTTP request with an invalid/ nonexistent Host header causes the request to be processed by the web server instead of the JSP engine, allowing remote attackers...
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a nonexistent hostname in the HTTP 'Host' header request when WebSphere Application is sharing the document root of the web server. An attacker may use this flaw to get the source...
AN HTTPD 1.42 - Arbitrary Log Content Injection
AN HTTPD 1.42 - Arbitrary Log Content Injection source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs ma...
AN HTTPD 1.42 - Arbitrary Log Content Injection
source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs may result in concealing attacks and/or misleading...
RaidenHTTPD < 1.1.34 Multiple Remote Vulnerabilities
The remote host is running RaidenHTTPD 1.1.33 or older. Ther are various flaws in the remote version of this server which may allow an attacker to disclose the source code of any PHP file hosted on the remote server, or to execute arbitrary code on the remote with the privileges of the remote...
CVE-2005-0453
The bufferurldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 null character after the file extension...
[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure
TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...
SUSE-SA:2005:002: php4, mod_php4
The remote host is missing the patch for the advisory SUSE-SA:2005:002 php4, modphp4. PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser and Marcus Boerger found several buffer overflow problems in the unserializer functions of PHP CVE-2004-1019...
Debian DSA-170-1 : tomcat4 - source code disclosure
A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security...
Macromedia JRun Multiple Vulnerabilities
Binary data 2316.prm...
JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking)
The remote host is running JRun, a J2EE application server running on top of IIS or Apache. There are multiple flaws in the remote version of this software : - The JSESSIONID variable is not implemented securely. An attacker may use this flaw to guess the session id number of other users. Only JR...
CVE-2002-1148
CVE-2002-1148 refers to a vulnerability in Apache Tomcat where the default servlet (org.apache.catalina.servlets.DefaultServlet) on Tomcat 4.0.4, 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. Connected sources (GHSA and OSS/ID...
Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities
The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. Such versions are potentially affected by multiple cross-site scripting, HTML and SQL injection, and PHP source code disclosure vulnerabilities. %NASLMINLEVEL 70300 Th...
Apache Tomcat 4.0.x < 4.0.5 / 4.1.x < 4.1.11 JSP Source Code Disclosure
Binary data 1463.pasl...
Merak Mail Server 7.4.5 - calendar.html?schedule SQL Injection
Merak Mail Server 7.4.5 - calendar.html?schedule SQL Injection source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - ...
Merak Mail Server 7.4.5 - address.html Multiple Cross-Site Scripting Vulnerabilities
Merak Mail Server 7.4.5 - address.html Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site...