Lucene search
K

3860 matches found

securityvulns
securityvulns
added 2002/04/18 12:0 a.m.30 views

Physical path leakage in ColdFusion

Error message on access attempt to DOS device contains physical path...

2.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/04/18 12:0 a.m.26 views

KPMG-2002013: Coldfusion Path Disclosure

-------------------------------------------------------------------- Title: Coldfusion Path Disclosure BUG-ID: 2002013 Released: 18th Apr 2002 -------------------------------------------------------------------- Problem: ======== Requests for certain DOS-devices are parsed by the isapi filter tha...

7AI score
Exploits0
exploitpack
exploitpack
added 2002/03/21 12:0 a.m.17 views

PHP-Nuke 5.x - Error Message Web Root Disclosure

PHP-Nuke 5.x - Error Message Web Root Disclosure source: https://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.20 views

CVE-2001-0658

Cross-site scripting CSS vulnerability in Microsoft Internet Security and Acceleration ISA Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message...

6.5AI score0.1134EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2002/03/05 12:0 a.m.84 views

Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure

source: https://www.securityfocus.com/bid/4235/info Microsoft IIS supports Basic and NTLM authentication. Reportedly, the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also...

7.4AI score
Exploits0
NVD
NVD
added 2002/02/06 5:0 a.m.29 views

CVE-2001-1372

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message...

5CVSS6AI score0.06483EPSS
Exploits1References8
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.22 views

CVE-2001-1073

Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables 1 APPLPHYSICALPATH, 2 PATHTRANSLATED, and 3 LOCALADDR...

6.2AI score0.01697EPSS
Exploits1References3
NVD
NVD
added 2001/12/06 5:0 a.m.32 views

CVE-2001-0829

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message...

5.1CVSS5.8AI score0.1382EPSS
Exploits1References3
securityvulns
securityvulns
added 2001/10/19 12:0 a.m.55 views

Ssdpsrv.exe in WindowsME

By connecting to a computer running Ssdpsrv you are able to crash the Ssdpsrv server. Ssdpsrv.exe is the file that starts the UPnP server on WindowsME boxes. This service comes standard with the WindowsME installation. The Ssdpsrv.exe server is started at boot. Here is the registry entry:...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.26 views

CVE-2000-1191

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

6.4AI score0.03046EPSS
Exploits0References4
NVD
NVD
added 2001/08/31 4:0 a.m.19 views

CVE-2000-1191

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

5CVSS6.4AI score0.03046EPSS
Exploits0References4
NVD
NVD
added 2001/08/31 4:0 a.m.12 views

CVE-2001-1073

Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables 1 APPLPHYSICALPATH, 2 PATHTRANSLATED, and 3 LOCALADDR...

5CVSS6.2AI score0.01697EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2001/08/16 12:0 a.m.30 views

Jakarta Tomcat 3.x/4.0 - Error Message Information Disclosure

source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks...

7.4AI score
Exploits0
NVD
NVD
added 2001/07/02 4:0 a.m.10 views

CVE-2001-1161

Cross-site scripting CSS vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script...

7.5CVSS6.5AI score0.03635EPSS
Exploits0References6
NVD
NVD
added 2001/07/02 4:0 a.m.18 views

CVE-2001-1084

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message...

7.5CVSS6.2AI score0.03113EPSS
Exploits1References6
securityvulns
securityvulns
added 2001/06/04 12:0 a.m.22 views

Qpopper 4.0.3 **** Fixes Buffer Overflow ****

Qpopper 4.0.3 is available at ftp://ftp.qualcomm.com/eudora/servers/unix/popper/. 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 -- PLEASE UPGRADE IMMEDIATELY Changes from 4.0.2 to 4.0.3: ---------------------------- 1. Don't call SSLshutdown unless we tried to negotiate an SSL...

4.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/05/29 12:0 a.m.25 views

Netscape Messenging Server POP3 Error Message User Account Enumeration

The remote POP server allows an attacker to obtain a list of valid logins on the remote host, thanks to a brute-force attack. If the user connects to this port and issues the commands : USER 'someusername' PASS 'whatever' the user will then get a different response whether the account...

5CVSS5.6AI score0.01697EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2001/04/28 12:0 a.m.27 views

BRS Webweaver 0.x - FTP Root Full Path Disclosure

source: https://www.securityfocus.com/bid/2676/info BRS WebWeaver is an ftpd and webserver from Blaine Southam. WebWeaver's FTP component has a flaw which can permit a remote user to learn the physcial path to the FTP service's root directory. By submitting the FTP command CD argumented by an...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/03/21 12:0 a.m.601 views

DGUX lpsched buffer overflow

Hi there! There's a vulnerability in DG's UNIX implementation DGUX, version R4.20MU06 and MU02 ia32 arch. The problem is when a very long, non-existant, printer name is passed to the program lpsched. It tries to format an error message and then the buffer overflow occurs... Data General was told...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2001/03/19 12:0 a.m.31 views

DG/UX 4.20 lpsched - 'Error Message' Local Buffer Overflow

// source: https://www.securityfocus.com/bid/2509/info DGUX is the Data General revision of UNIX. It is designed as a solution for Intel systems produced by Data General. A problem in the handling of error messages by the printer scheduler could allow arbitrary execution of code. By placing a...

7AI score
Exploits0
Rows per page
Query Builder