556 matches found
Directory traversal vulnerability in WEBrick
Directory traversal vulnerability in WEBrick when running on systems that support backslash path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash sequences or 2 filenames that match patterns in the :NondisclosureName opti...
Trusted authentication doesn't work for Confluence users with uppercase usernames
Trying to use the trusted authentication feature of the Jiraissues macro doesn't work when a user's username is uppercase. JIRA shows the following in its log: quote 2008-01-23 13:59:48,104 INFO STDOUT 2008-01-23 13:59:48,104 ajp-0.0.0.0-6103-8 WARN atlassian.seraph.filter.TrustedApplicationsFilt...
CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...
CVE-2006-1166
Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...
Design/Logic Flaw
Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...
CVE-2006-1166
Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary...
CVE-2006-0760
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...
Design/Logic Flaw
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...
[SA18869] Lighttpd Case-Insensitive Filename Source Code Disclosure
TITLE: Lighttpd Case-Insensitive Filename Source Code Disclosure SECUNIA ADVISORY ID: SA18869 VERIFY ADVISORY: http://secunia.com/advisories/18869/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: lighttpd 1.x http://secunia.com/product/4661/...
PT-2005-5196 · Webwasher · Webwasher Csm Appliance Suite
Name of the Vulnerable Software and Affected Versions: Webwasher CSM Appliance Suite version 5.x Description: The encapsulation script mechanism in the affected software uses case-sensitive detection of malicious tokens. This allows attackers to bypass script detection by using tokens that can be...
CVE-2002-2119
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing...
CVE-2002-0394
Red-M 1050 Bluetooth Access Point uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords...
CVE-2002-2119
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing...
PT-2002-2839 · Novell · Novell Edirectory
Name of the Vulnerable Software and Affected Versions: Novell eDirectory versions 8.6.2 through 8.7 Description: The issue allows remote attackers to conduct brute force password guessing more easily due to the use of case insensitive passwords. Recommendations: For Novell eDirectory versions 8.6...
Mac OS X - Apache & Case Insensitive Filesystems
Environment: Mac OS X 10.0.3 / Darwin 1.3.3 Apache 1.3.14 This is the the default setup, out of the box, with available software updates installed. Please note, this is OS X Client. Who is affected: Everybody who used Apache on Mac OS X Client with the following conditions: + Documents are on a...
Проблемы с защитой директорий в Apache под MacOS (case insensitive filesystem)
При использовании файловой системы с наименованием файлов не чуствительным к реестру можно обойти защиту каталогов...