230 matches found
CVE-2001-0506
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes SSI directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability...
CVE-2001-0245
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability...
CVE-2000-0898
Small HTTP Server 2.01 does not properly process Server Side Includes SSI tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file...
CVE-2000-0898
CVE-2000-0898 affects Small HTTP Server 2.01. The issue is improper handling of Server Side Includes (SSI) tags containing null values, allowing local users and possibly remote attackers to crash the server by inserting an SSI into an HTML file. The NVD data indicates partial impact to availabili...
CVE-2000-0898
Small HTTP Server 2.01 does not properly process Server Side Includes SSI tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file...
Vulnerabilites in SmallHTTP Server
403-security SECURITY ADVISORY Product: SmallHTTPServer Version: 2.01 Author: [email protected] Homepage: http://www.403-security.org 1st Problem: By default if user send request without file name specified http://host/subdirectory/ HTTPServer will look for index.html in that folder and if...
thttpd ssi: retrieval of arbitrary world-readable files
thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi [email protected] Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description...
FS-072800-9-BEA.txt
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic force handlers show code vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072800-9-BEA Release Date: July 28, 2000 Product: WebLogic...
Banner Rotation 01
-- Banner rotating 01 -- -- Description: "Banner rotating 01" is a cgi script distributed for free on several site builder sites, including Hot Area. The script is available on http://www.hotarea.net/web/scripts/banner01/ The cgi script offers numerous functions for those wishing to manage rotati...
PT-1999-1192 · Microsoft · Iis
Name of the Vulnerable Software and Affected Versions: IIS affected versions not specified Description: The issue is related to the exec function being enabled for Server Side Include SSI files in IIS. This could potentially allow for execution of commands. Recommendations: At the moment, there i...