5314 matches found
CVE-2006-4223
CVE-2006-4223 affects IBM WebSphere Application Server (WAS) before version 6.0.2.13. The issue involves JSP source code exposure via context-dependent paths when ibm-web-ext.xmi sets fileServingEnabled to true or when ExtendedDocumentRoot places a JSP outside a WAR file. This allows an attacker ...
CVE-2006-4223
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place...
CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...
CVE-2006-4110
CVE-2006-4110 affects Apache 2.2.2 running on Windows. An information-disclosure vulnerability arises when the CGI directory is within the document root: requests that alter the case of the directory name bypass the ScriptAlias handler on a case-insensitive filesystem, allowing attackers to read ...
Spaminator 1.7 - page Remote File Inclusion
Spaminator 1.7 - page Remote File Inclusion Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include "$page.php"; Path : Declare $page ExpL:...
Spaminator 1.7 - 'page' Remote File Inclusion
Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include "$page.php"; Path : Declare $page ExpL:...
Thatware 0.4.6 - ROOT_PATH Remote File Inclusion
Thatware 0.4.6 - ROOTPATH Remote File Inclusion Thatware 0.4.6 rootpath Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware0.4.6.tar.gz Page Affect config.php ExP:...
Apache 2.2.2 - CGI Script Source Code Information Disclosure
Apache 2.2.2 - CGI Script Source Code Information Disclosure source: https://www.securityfocus.com/bid/19447/info Apache is prone to an information-disclosure vulnerability because it fails to properly handle exceptional conditions. An attacker can exploit this issue to retrieve script source cod...
See-Commerce 1.0.625 - 'owimg.php3' Remote File Inclusion
See-Commerce Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://freshmeat.net/redir/seecommerce/14016/urlzip/sc-1.0.625.zip Problem Is: require$path."/ow.inc"; Page Affect: http://site/see-commerce directory/owimg.php3?path=evil script Greatz : Str0ke milw0rm.com 2006-08-0...
Hitweb 4.2.1 - REP_INC Remote File Inclusion
Hitweb 4.2.1 - REPINC Remote File Inclusion Hitweb 4.2 Remote Include File CreW: ToxiC Bug Found By Drago84 Source Code: http://freshmeat.net/redir/hitweb/15633/urltgz/hitweb-4.2php.tgz Problem is: include "$REPINC/libdatabase.php"; Page: genpage-cgi.php Path: Declare $REPINC Expl:...
DeluxeBB Multiple Vulnerabilities
DeluxeBB Multiple Vulnerabilities Author: Attila Gerendi Darkz Date: July 30, 2006 Package: DeluxeBB http://www.deluxebb.com/ Versions Affected: 1.08 Other versions may also be affected. Severity: Cross-Site Scripting, Cookie Manipulation, Login Bypass Cross-Site Scripting: When posting a new top...
CVE-2006-3936
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...
Apache Tomcat 5 - Information Disclosure
Apache Tomcat 5 - Information Disclosure source: https://www.securityfocus.com/bid/19106/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to reveal a complete directory listing from...
Apache Tomcat 5 - Information Disclosure
source: https://www.securityfocus.com/bid/19106/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to reveal a complete directory listing from any directory. Information obtained may...
ASP.NET source code disclosure
It's possible to retrieve the source code of scripts and executables, except for protected file extensions...
PHP-Blogger Multiple Cross Site Scripting Vulnerabilities
PHP-Blogger Multiple Cross Site Scripting Vulnerabilities OS2A ID: OS2A1006 Status: 14/06/2006 Issue Discovered 23/06/2006 Reported to the vendor No response on repeated notification 07/07/2006 Advisory Released Class: Cross Site Scripting Severity: Medium Overview: --------- PHP-Blogger is a fre...
[SA20912] Taskjitsu Task Script Insertion Vulnerabilities
[SA20884] MKPortal "ind" Local File Inclusion Vulnerability