Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
Dear PowerDNS Users, Two major vulnerabilities have recently been discovered in the PowerDNS Recursor all versions up to and including 3.1.7.1. Over the past two weeks, these vulnerabilities have been addressed, resulting in PowerDNS Recursor 3.1.7.2. Given the nature and magnitude of these...
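httpdx Crafted HTTP Request Source Code Disclosure Vulnerability
CVECAN ID: CVE-2009-4531 httpdx is a lightweight HTTP and FTP server. A remote attacker can cause the source code of certain scripts to be disclosed by submitting a crafted HTTP request with a "." appended to the httpdx server. httpdx = 1.4.4 Vendor patch: httpdx ------ The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://httpdx.sourceforge.net/ http://172.16.2.101/index.html. http://172.16.2.101/test.py...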
httpdx Space Character Remote File Disclosure Vulnerability
httpdx is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process. This may aid in further attacks. httpdx 1.5 is affected; other...
Twitter Protects Against Bad Passwords
The micro-blogging service rejects 370 passwords when new users sign up if it thinks they are too easy to guess. However, bloggers recently discovered that the list of banned passwords is embedded in the source code of the page itself. Read the full article. Telegraph UK...
CVE-2009-4531
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI...
CVE-2009-4529
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs...
Code injection
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs...
CVE-2009-4535
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI...
Design/Logic Flaw
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI...
CVE-2009-4530
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI...
CVE-2009-4530
CVE-2009-4530 affects Mongoose Web Server (2.8.0 and earlier). Vulnerability: remote disclosure of page source by appending ::$DATA to the URI, enabling partial confidentiality impact. Core cause is a web server source code disclosure path handling flaw. No explicit exploitation details or in-the...
CVE-2009-4529
NaviCOPA Web Server (3.0.1.2 and earlier) is affected by CVE-2009-4529. A trailing encoded space in a request URI (e.g., /index.html%20 or /index.php%20) can disclose the server-side source code of pages/CGIs to a remote attacker. Affected product is NaviCOPA Web Server; root cause is improper ha...
CVE-2009-4531
CVE-2009-4531 affects httpdx 1.4.4 and earlier, enabling remote disclosure of web-page source code by appending a dot to the URI. The vulnerability is described consistently across sources as a server-side flaw in handling specific request syntax, allowing partial disclosure of scripts or page co...
PT-2009-6629 · Httpdx · Httpdx
Name of the Vulnerable Software and Affected Versions: httpdx versions 1.4.4 and earlier. Description: The issue allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI. Recommendations: For httpdx versions 1.4.4 and earlier, consider restricting...
PhotoDiary 1.3 (lng) LFI Vulnerability
No description provided by source. PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability. Discovered by cOndemned. Download: http://code.google.com/p/photodiary/ Source of /admin/install.php, lines 9 - 15: `if (isset($_GET['lng'])) $LNG = $_GET['lng']; [1] else $LNG = "ITA"; include`...
PhotoDiary 1.3 - 'lng' Local File Inclusion
PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability. Discovered by cOndemned. Download: http://code.google.com/p/photodiary/ Source of /admin/install.php, lines 9 - 15: `if (isset($_GET['lng'])) $LNG = $_GET['lng']; [1] else $LNG = "ITA"; include "../common/language".$LNG.".php"; [2]` Proof of concept:...
PhotoDiary 1.3 - lng Local File Inclusion
PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability. Discovered by cOndemned. Download: http://code.google.com/p/photodiary/ Source of /admin/install.php, lines 9 - 15: `if (isset($_GET['lng'])) $LNG = $_GET['lng']; [1] else $LNG = "ITA"; include`...
PT-2009-6633 · Mongoose · Mongoose
Name of the Vulnerable Software and Affected Versions: Mongoose versions 2.8.0 and earlier. Description: The issue allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI. Recommendations: For versions 2.8.0 and earlier, update to a version late...