CVE-2020-7227

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

EUVD-2020-28355

Malware in sbrugna...

EUVD-2025-3724

Malicious code in bioql PyPI...

CVE-2025-24470

An Improper Resolution of Path Equivalence vulnerability CWE-41 in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests...

CVE-2020-12880

CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...

[Ghost Phisher] GUI suite for phishing and penetration attacks

Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...

http-vuln-cve2012-1823 NSE Script

Detects PHP-CGI installations that are vulnerable to CVE-2012-1823, This critical vulnerability allows attackers to retrieve source code and execute code remotely. The script works by appending "?-s" to the uri to make vulnerable php-cgi handlers return colour syntax highlighted source. We use th...

http-litespeed-sourcecode-download NSE Script

Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension CVE-2010-2333. If the server is not vulnerable it returns an error 400. If index.php i...

Code injection

download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via 1 a trailing ".", 2 a trailing space, or 3 mixed case in the FileNameAttach parameter...

CVE-2010-2336

CVE-2010-2336 affects Yamamah Photo Gallery 1.00; the index.php download parameter allows remote attackers to obtain the source code of executable files within the web document root. The root cause is improper handling of the download parameter that exposes server file contents. Impact is exposur...

CVE-2009-4531

CVE-2009-4531 affects httpdx 1.4.4 and earlier, enabling remote disclosure of web-page source code by appending a dot to the URI. The vulnerability is described consistently across sources as a server-side flaw in handling specific request syntax, allowing partial disclosure of scripts or page co...

Teach you to quickly locate the target website source code-bug warning-the black bar safety net

First look at an example: The target site is a shopping site, wherein a section of the“My selling”point of the path is: mycsproc. asp-- This page name is very characteristic, Oh To www. seeknot. com the search bar in the input mycsproc. asp, select the default directory to find the way, to submit...

CVE-2009-3646

InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name...

PHP 5.2.4 ionCube extension safe_mode / disable_functions Bypass

Exploit for unknown platform in category local exploits ================================================================ PHP 5.2.4 ionCube extension safemode / disablefunctions Bypass ================================================================ ionCub...

PHP 5.2.4 ionCube - ioncube_read_file Safe Mode Disable Functions Bypass

PHP 5.2.4 ionCube - ioncubereadfile Safe Mode Disable Functions Bypass ionCube output:"; echo $MyBootioncube; ? milw0rm.com 2007-10-11...

Design/Logic Flaw

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...

CVE-2006-1391

The CVE-2006-1391 entry concerns two web servers: Quick 'n Easy Web Server (before 3.1.1) and Baby ASP Web Server (2.7.2). The issue is that an attacker can remotely obtain the source code of ASP files by crafting URLs where the extension uses a dot/space (e.g., manipulating the URL extension), e...

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

Source code retrival in Sambar

It's possible to get source code by adding space with NULL symbol to filename...

Получение исходного текста CGI в Bad Blue (source code retrieval)

Додбавив 00 к имени файла PHP или CGI можно получить его исходный код...