29 matches found
Roxen Web Server Vulnerability
Hi all, Excuse-me for my poor english : I discover two problems in Roxen Web server 2.0.46 and certainly prior. Perhaps it doesn't important. First problem: Suppose that Roxen is installed by default in /usr/local, the /usr/local/roxen/configurations/configinterface/settings/administratoruid file...
Проблемы в сервере Roxen
Используя нулевой символ 00 можно просматривать листинги директорий, получать содержимое исполняемых файлов и т.д...
Roxen security alert: Problems with URLs containing null characters.
Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs containing null characters can gain the browser access to information he is not authorized to: Directory listings in directories with index files In normal filesystems: the sourcecode for RXML files, Pike scripts, CGIs etc...
Roxen Web Server /%00/ Encoded Request Forced Directory Listing
The version of Roxen Web Server running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, by using a crafted URL request with '/%00/' appended to the URI, to display a listing of a remote directory, which may contain...
CVE-2000-0671
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character %00 to the URL...
Roxen WebServer 2.0.x - %00 Request FileDirectory Disclosure
Roxen WebServer 2.0.x - %00 Request FileDirectory Disclosure source: https://www.securityfocus.com/bid/1510/info If a request containing the null character %00 is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages. For exampl...
Roxen WebServer 2.0.x - '%00' Request File/Directory Disclosure
source: https://www.securityfocus.com/bid/1510/info If a request containing the null character %00 is made to the Roxen Web Server, the server will return directory contents, and the source of unparsed scripts and html pages. For example, a request to http://www.server.com/%00 Will return the...
Roxen Web Server Counter Module Crafted Request Saturation DoS
Roxen Challenger WebServer is running with the counter module installed. Requesting large counter GIFs can lead to CPU exhaustion. If the server does not support threads, this will prevent the server from serving other clients. %NASLMINLEVEL 70300 Copyright 2000 by Hendrik Scholz Changes by...
CVE-1999-1522
Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML...