56 matches found
Code injection
jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...
CVE-2006-2759
Jetty 6.0.x (jetty6) beta16 has an information-disclosure vulnerability: remote attackers can read the source of JSP files by using a capital P in the .jsp extension (and likely other mixed-case variants). The issue is confirmed across multiple sources (NVD, SUSE, GHSA, OSV, Veracode, PRION, CVE ...
Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting
Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-cod...
Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting
Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code...
RaidenHTTPD Web server / Quick 'n Easy Web Server / Baby ASP / Blazix Web Server / AN HTTPD / Xeneo scripts source code disclosure
It's possible to retrieve script source code by adding " ./" to request...
Privilege escalation
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" forward slash after the file extension...
CVE-2006-0815
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" forward slash after the file extension...
CVE-2006-0815
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" forward slash after the file extension...
NetworkActiv Web Server script source code leak
Invalid processing of requests with forward slash character...
CVE-2003-1102
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...
Hummingbird CyberDOCS sets insecure permissions on script source code files
Overview Hummingbird CyberDOCS running on Microsoft Internet Information Services IIS sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document manageme...
CVE-2001-0693
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space %20...
CVE-2001-0693
CVE-2001-0693 affects WebTrends HTTP Server 3.1c and 3.5, where a remote attacker can view script source by requesting a filename followed by an encoded space (%20). The underlying issue is an information disclosure vulnerability in the server’s handling of URL paths. The CVSS vector indicates ne...
CVE-2001-0693
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space %20...
CVE-1999-0758
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL...
Tomcat may reveal script source code by URL trickery
Tomcat may reveal script source code by URL trickery ---------------------------------------------------- Sverre H. Huseby advisory 2001-03-29 Systems affected ---------------- Tomcat 4.0-b1 latest milestone and nighly build as of 2001-03-28 tested. Other versions may be vulnerable too. The probl...