Macromedia JRun Server contains an information disclosure vulnerability

Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...

Dotnetnuke Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------ DOTNETNUKE MULTIPLE VULNBERABILITIES - - ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/?429 1 Source Code & File Access; Severity : Highly...

CVE-2003-0423

parsexml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter...

CVE-2000-1204

CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...

CVE-2001-0590

CVE-2001-0590 affects Apache Tomcat Servlet prior to 3.2.2. A malformed URL request that does not end with a protocol (e.g., HTTP/1.0) can cause a remote attacker to read the source code of arbitrary JSP files, constituting information disclosure. The issue is confirmed in multiple sources tying ...

WebTrends Enterprise Reporting Server 3.1 c/3.5 - Source Code Disclosure

source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of arbitrary scripts on the WebTrends Live webserver. This is accomplished by...

CVE-2001-0399

CVE-2001-0399 affects Caucho Resin 1.3b1 and earlier. A path traversal / information disclosure flaw lets remote attackers read Javabean source by inserting a .jsp before the WEB-INF specifier in an HTTP request. OpenVAS entries corroborate the issue as a remote vulnerability with a 5.0 CVSS base...

CVE-2001-0312

IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing...

iis.asp.txt

NtWaK0 Bug / Security / Advisory Saturday, October 21, 2000 IIS 5 and using ..%c0%af../winnt/system32/cmd.exe?/c+type+c: To Read any ASP source Code of the server o Synopsis Based on http://www.wiretrip.net/rfp/p/doc.asp?id=57&iface=2 I done some research and found that that ..%c0%af.. can be use...

CVE-2000-0521

Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...

CVE-2000-0630

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability...

CVE-2000-0500

The CVE-2000-0500 entry affects BEA WebLogic 5.1.0; the default configuration allows a remote attacker to view source code by requesting a URL beginning with /file/, causing the default servlet to display the file without processing. The available sources consistently describe this behavior; no e...

@stake Advisory: SuSE Apache CGI Source Code Viewing (A090700-2)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com www.cerberus-infosec.co.uk Security Advisory Release Date: 09/07/2000 Application: Apache 1.3.9/12 Platform: SuSE Linux 6.3 and 6.4 Severity: An attacker can gain access to source code of CGI scripts. As such they may be...

FS-072800-9-BEA.txt

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic force handlers show code vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072800-9-BEA Release Date: July 28, 2000 Product: WebLogic...

CVE-2000-0630

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability...

Еще одна уязвимость в MS Index Server

С помощью запроса типа http://charon/null.htw?CiWebHitsFile=/default.asp20&CiRestriction=none&CiHiliteType=Full можно получить исходный текст .asp или любого другого скрипта...

CVE-1999-0286

In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages...

CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL...