63 matches found
Multiple vulnerabilities in YXCMS frontend
YXcms is a website management system based on PHP+MySql with a lightweight MVC design model. YXCMS front-end cross-site scripting and cross-site request forgery vulnerabilities. htmlin function is not strict on xss filtering does not take into account the pseudo-protocol , due to the failure to...
CVE-2011-3694
The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL...
ProFTPD 1.3.3c Compromised Source Remote Trojan
The ProFTPD server is a full featured File Transfer Protocol FTP server mainly used in Linux distributions. Aside from the standard FTP features, the server supports a number of extensions. ProFTPD 1.3.3c backdoor allows users remote code access to systems which run the modified version of the...
CVE-2006-6104
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to 1 read source code by appending a space %20 to a URI, and 2 read credentials via a request for Web.Config%20...
CVE-2006-1791
CVE-2006-1791 affects QuickBlogger 1.4 through the file acc.php , enabling a directory traversal that lets an attacker read or include arbitrary local files via the request parameter; note that an include failure can yield XSS . The connected documents confirm the affected product and vulnerabili...
CVE-2005-0310
Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to 1 search.info.php, 2 permissions.info.php, 3 security.info.php, 4 formcontrol.php, or 5 filemodules.php, which reveals the path in an error message because the pathoscoreversion variable is undefine...
CVE-2002-1148
The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...
CVE-2002-1394
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...
PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
source: https://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitatio...
CVE-2002-1528
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter...
CVE-2001-0926
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages .jsp and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...
CVE-2001-0778
OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space %20...
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...
CVE-2001-1140
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 null byte to the request...
CVE-2001-0446
IBM WCS WebSphere Commerce Suite 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...
CVE-2001-0446
IBM WCS WebSphere Commerce Suite 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...
CVE-2000-1052
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet...
CVE-2000-0868
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...
CVE-2000-0683
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /.shtml/ into the URL, which invokes the SSIServlet...
CVE-2000-1204
Vulnerability in the modvhostalias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...