127 matches found
Design/Logic Flaw
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root...
Powerschool 4.3.6/5.1.2 - JavaScript File Request Information Disclosure
source: https://www.securityfocus.com/bid/22611/info Powerschool is prone to an information-disclosure vulnerability because the application discloses information about administrative session variables. An attacker can exploit these issue to obtain sensitive information that may aid in other...
HTTP Upload Tool (download.php) Information Disclosure Vulnerability
Exploit for unknown platform in category web applications ==================================================================== HTTP Upload Tool download.php Information Disclosure Vulnerability ==================================================================== Target: HTTP Upload Tool For PHP 1...
CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for 1 404.php, 2 akismet.php, 3 archive.php, 4 archives.php, 5 attachment.php, 6 blogger.php, 7 comments.php, 8 comments-popup.php, 9 dotclear.php, 10 footer.php, 11 functions.php, 12...
CVE-2006-2563
The cURL library libcurl in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters...
CVE-2006-2563
The cURL library libcurl in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters...
SHOUTcast 1.9.4 - File Request Leaked Format String
SHOUTcast 1.9.4 - File Request Leaked Format String / Shoutcast include include include include include include include include include include include define SHELLPORT 7000 define SHELLCOMMAND "unset HISTFILE; uname -a; id;" if 1 unsigned char shellcode = / bindshell 7000 Unknown /...
SHOUTcast <= 1.9.4 File Request Format String Exploit (Leaked)
Exploit for linux platform in category remote exploits ============================================================== SHOUTcast include include include include include include include include include include include define SHELLPORT 7000 define SHELLCOMMAND "unset HISTFILE; uname -a; id;" if 1...
SHOUTcast <= 1.9.4 File Request Format String Exploit (Leaked)
No description provided by source. / Shoutcast = 1.9.4 exploit by crash-x Trys to upload the shellcode to a fixed address and execute it. This exploit was not written bei Simon 'Zodiac' Moser segfault.ch. / include stdio.h include stdlib.h include stdarg.h include string.h include sys/types.h...
CVE-2005-4703
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto...
Active WebCam Webserver <= 5.5 Multiple Vulnerabilities (DoS, Path Disc)
The version of PY Software's Active WebCam web server running on the remote host is affected by multiple vulnerabilities: o Denial of Service Vulnerabilities. A request for a file on floppy drive may result in a dialog prompt, causing the service to cease until it is acknowledged by an...
Microsoft MSN Messenger fails to properly validate file requests
Overview Microsoft MSN Messenger fails to properly validate file requests which could allow an attacker to view the contents of files on the victim's system. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with friends using text messages,...
KDE 3.0.x - KPF Icon Option File Disclosure
KDE 3.0.x - KPF Icon Option File Disclosure source: https://www.securityfocus.com/bid/5951/info A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system. It has been reported that by passing a malicious file request to kpf, it is possibl...
KDE 3.0.x - KPF Icon Option File Disclosure
source: https://www.securityfocus.com/bid/5951/info A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system. It has been reported that by passing a malicious file request to kpf, it is possible for a remote attacker to access files...
CVE-2002-0894
NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service crash via 1 a request for a long .jsp file, or 2 a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet...
Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
Hello, The vendor has already sent out notices and the patches can be found on the vendors homepage listed below. - [email protected] Cgi Security Advisory 6 [email protected] Thttpd and MiniHttpd Webserver Permission Bypass Found November 2001 Public Release November 2001 Vendor Contacted...
Icecast 1.1.x1.3.x - Slash File Name Denial of Service
Icecast 1.1.x1.3.x - Slash File Name Denial of Service source: https://www.securityfocus.com/bid/2933/info Icecast is an open source audio-streaming server for both Unix and Microsoft Windows systems. Icecast does not sufficiently sanitize user-supplied input, or sanely handle unexpected input...
CVE-2001-0264
Gene6 G6 FTP Server 2.0 aka BPFTP Server 2.10 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection...
elron im Anti-Virus 3.0.3 - Directory Traversal
source: https://www.securityfocus.com/bid/2519/info Elron IM is a suite of tools providing internet filtering, virus protection, and other features. Certain non-current versions of products in the Internet Manager suite, including IM Anti-Virus, are vulnerable to directory traversal attacks. An...
CVE-2001-0031
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist...