271 matches found
LocalWEB2000 1.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2268/info LocalWEB2000 is subject to a directory traversal. Requesting a specially crafted HTTP request with a known filename will enable an attacker to gain read access to the requested file. http://target/../../../autoexec.bat...
keware technologies homeseer 1.4 - Directory Traversal
keware technologies homeseer 1.4 - Directory Traversal source: https://www.securityfocus.com/bid/2085/info Keware Technologies HomeSeer is a home automation application which enables users to control various housewares and appliances locally or remotely via a web interface. It is possible for a...
Cisco IOS software vulnerable to DoS via HTTP request containing "%%"
Overview There is a denial-of-service vulnerability in several Cisco switch and router products which allows an attacker to force affected devices to crash and reboot. Description A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software which allows an...
Cisco IOS software vulnerable to DoS via HTTP request containing "?/"
Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to force affected switches and routers to crash and reboot. Description To exploit this vulnerability, the IOS HTTP interface must be enabled and the attacker must...
Netscape Directory Server 4.12 - Directory Server Directory Traversal
Netscape Directory Server 4.12 - Directory Server Directory Traversal source: https://www.securityfocus.com/bid/1839/info Acquiring access to known files outside of the web root is possible through directory traversal techniques in Netscape Directory Server. This is made possible through the use ...
CVE-2000-0649
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined...
Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure
Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure source: https://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script. telnet target 80 GET /cgi-bin/script.xyz HTTP/1.0...
IBM HTTP SERVER / APACHE
I haven't seen any advisories for IBM HTTP SERVER running Apache. There is a crucial number of "/" forward slash you can use to retrieve the contents of the root directory of this particular Web Server. Using this vulnerability, you can retrieve any files or scripts running from that directory an...
AnalogX SimpleServer:WWW 1.0.3 - Denial of Service
source: https://www.securityfocus.com/bid/1076/info Requesting a URL containing a string of exactly eight characters following the /cgi-bin/ directory 17 characters in total will cause AnalogX SimpleServer:WWW to shut down. http://target/cgi-bin/...
Fastraq Mailtraq 1.1.4 - Multiple Path Vulnerabilities
Fastraq Mailtraq 1.1.4 - Multiple Path Vulnerabilities source: https://www.securityfocus.com/bid/1278/info A remote user may browse any known directory on a host running Fastraq Mailtraq 1.1.4 by making a URL request that includes the '../' string. In addition, requesting a URL appended with "../...
CVE-1999-1030
counter.exe 2.70 allows a remote attacker to cause a denial of service hang via an HTTP request that ends in %0A newline, which causes a malformed entry in the counter log that produces an access violation...