Embedthis GoAhead < 2.1.8 Script Source Code Disclosure Vulnerability - Active Check
Embedthis GoAhead is prone to a script source code disclosure vulnerability. SPDX-FileCopyrightText: 2008 Ferdy Riphagen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Maian Uploader v4.0 XSS Vulnerabilities
---------------------------------------------------------------- Script : Maian Uploader v4.0 Type : XSS Vulnerabilities ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
CVE-2007-6651
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suckurl parameter...
Code injection
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL...
Simple HTTPD multiple security vulnerabilities
Directory traversal, script source code access...
CVE-2002-2413
WebSite Pro 3.1.11.0 on Windows is affected by CVE-2002-2413, where a remote attacker can read script source code for files with extensions longer than 3 characters by requesting a URL that uses the equivalent 8.3 file name. The vulnerability is described in multiple sources (RH and NVD entries) ...
CVE-2007-3407
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20)...
Code injection
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20)...
myserver-disclose.txt
The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files. Found By:Shay Priel aka Prili site: http://www.myserverproject.net/ poc: ---- http://localhost/cgi-bin/post.mscgI I -...
Design/Logic Flaw
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI...
CVE-2007-3365
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI...
CVE-2007-3327
httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space)...
Code injection
httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space)...
MyServer HTTP server multiple security vulnerabilities
Cross-site scripting with demo pages, script source code access with capital character in path...
Directory traversal
Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action...
CVE-2007-1478
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter...
Code injection
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter...
Mono XSP for ASP.NET Server Crafted Request Script Source Code Disclosure
The remote host is running Mono XSP, a lightweight web server for hosting ASP.NET applications. The version of Mono XSP installed on the remote Windows host fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose the source of scrip...
Apache 2.2.2 - CGI Script Source Code Information Disclosure
Apache 2.2.2 - CGI Script Source Code Information Disclosure source: https://www.securityfocus.com/bid/19447/info Apache is prone to an information-disclosure vulnerability because it fails to properly handle exceptional conditions. An attacker can exploit this issue to retrieve script source cod...