NaviCOPA 2.0.1 URL Handling Buffer Overflow

No description provided by source. $Id: navicopagetoverflow.rb 9797 2010-07-12 23:25:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

CVE-2009-4529

InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs...

Code injection

InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs...

CVE-2009-4529

InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs...

CVE-2009-4529

NaviCOPA Web Server (3.0.1.2 and earlier) is affected by CVE-2009-4529. A trailing encoded space in a request URI (e.g., /index.html%20 or /index.php%20) can disclose the server-side source code of pages/CGIs to a remote attacker. Affected product is NaviCOPA Web Server; root cause is improper ha...

PT-2009-6627 · Intervations · Intervations Navicopa Web Server

Name of the Vulnerable Software and Affected Versions: InterVations NaviCOPA Web Server versions 3.0.1.2 and earlier Description: The issue allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI. This can be demonstrated by accessing URIs...

CVE-2009-3646

InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name...

Design/Logic Flaw

InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name...

CVE-2009-3646

InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name...

CVE-2009-3646

NaviCOPA Web Server 3.01 is affected by CVE-2009-3646: an information-disclosure flaw where an HTTP request appended with ::$DATA after the HTML file name causes the server to reveal the source code of scripts/CGIs. The vulnerability enables remote attackers to view source content and potentially...

CVE-2007-2505

Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party...

CVE-2007-2505

Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party...

CVE-2007-2505

CVE-2007-2505 : Concrete details indicate a stack-based buffer overflow in InterVations MailCOPA 8.01 20070323. The vulnerability is triggered by a long string in the subject field of a mailto URI, allowing user-assisted remote attackers to execute arbitrary code. The issue affects the MailCOPA p...

Vulnerability in InterVations' MailCopa

While developing one of our advanced security training movies, we identified an exploitable vulnerability in the latest release of InterVetions' MailCopa. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the user executing MailCopa. In a...

Design/Logic Flaw

Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service daemon crash via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733...

CVE-2007-2336

CVE-2007-2336 corresponds to an unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 (20070323) that allows remote attackers to cause a denial of service (daemon crash) by crafting HTTP requests, notably long requests containing '\A' characters. The available connected documents cor...

Buffer overflow

Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long 1 /cgi-bin/ or 2 /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112...

CVE-2007-1733

Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long 1 /cgi-bin/ or 2 /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112...

CVE-2007-1733

CVE-2007-1733 affects InterVations NaviCOPA Web/HTTP Server 2.01. The vulnerability is a buffer overflow in handling a long URL path in an HTTP GET request (notably /cgi-bin/ or /cgi/), which could allow remote code execution. Connected sources corroborate a public-facing overflow and link to PoC...

CVE-2007-1598

Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure...