UBUNTU-CVE-2016-5099

Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

sa2001_02.txt

NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system...

Дырка в IIS (double decoding directory traversal)

Путь к CGI-программе декодируется дважды, что позволяет обойти проверку на обратный путь в директориях...