CVE-2006-0816
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...
CVE-2006-0816
Orion Application Server before 2.0.7 on Windows is affected by a filename extension validation flaw that allows remote disclosure of JSP source code. An attacker can craft a URL with dot or space characters in the extension to reveal the contents of JSP files. The vulnerability impacts confident...
[SA19312] Baby Web Server ASP Code Disclosure Vulnerability
TITLE: Baby Web Server ASP Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA19312 VERIFY ADVISORY: http://secunia.com/advisories/19312/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Baby ASP Web Server 2.x http://secunia.com/product/8915/...
[SA19379] CoMoblog "img.php" Cross-Site Scripting Vulnerability
TITLE: CoMoblog "img.php" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19379 VERIFY ADVISORY: http://secunia.com/advisories/19379/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CoMoblog 1.x http://secunia.com/product/8906/ DESCRIPTION: FarhadKey ha...
Orion application server source code disclosure
It's possible to access JSP page content by adding a dot with a space character to the file extension...
AdMan v1.0.x SQL vuln
AdMan v1.0.x SQL vuln Vuln. discovered by: r0t Date: 23 March 2006 vendor: www.formfields.com/adManArea/ affected versions: v1.0.20051221 and prior original advisory: http://pridels.blogspot.com/2006/03/adman-v10x-sql-vuln.html SQL vuln. AdMan contains a flaw that allows a remote sql injection...
Orion < 2.0.7 Crafted Filename Extension Source Code Disclosure
Binary data 3486.prm...
MS Windows XP/2003 (IGMP v3) Denial of Service Exploit (MS06-007) (2)
No description provided by source. / MS06-007 Denial of Service POC exploit created by Firestorm, based on zloSend.exe win32 exploit http://www.securitylab.ru/poc/264136.php Tested on Windows XP SP2 as victim compiled/run on Fedora Core 4 x86 FOR EDUCATIONAL PURPOSE ONLY !!! / include stdio.h...
[SA19289] CuteNews "archive" Disclosure of Sensitive Information Vulnerability
TITLE: CuteNews "archive" Disclosure of Sensitive Information Vulnerability SECUNIA ADVISORY ID: SA19289 VERIFY ADVISORY: http://secunia.com/advisories/19289/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: CuteNews 1.x...
[SA19283] SoftBB "mail" SQL Injection Vulnerability
TITLE: SoftBB "mail" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19283 VERIFY ADVISORY: http://secunia.com/advisories/19283/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: SoftBB 0.x http://secunia.com/product/8782/ DESCRIPTION: A vulnerability has...
[SA19216] vCard Cross-Site Scripting Vulnerabilities
TITLE: vCard Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA19216 VERIFY ADVISORY: http://secunia.com/advisories/19216/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: vCard 2.x http://secunia.com/product/8693/ DESCRIPTION: LinuxDrox has reported som...
Cross site request forgery (csrf)
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request...
CVE-2006-0819
CVE-2006-0819 affects Dwarf HTTP Server 1.3.2. A validation error in the requested URL filename extension (dot/space/slash/NULL characters) allows remote disclosure of JSP source. Secunia also notes unsanitized error responses enabling XSS. Mitigation: update to version 1.3.3.
Multiple Dwarf HTTP Server vulnerabilities
Cross-site scripting, script source code disclosure...
Code injection
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed...
CVE-2006-1093
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed...
Testing security vulnerabilities in two JSP environments
Author: xy7BCT. This is my first time testing JSP program vulnerabilities; to be exact, it is poor server configuration leading to security risks. If anything is wrong, I hope everyone will point it out!!! Previously, in some articles, I saw the vulnerability where a JSP site exposes the source code of arbitrary files, and today finall...
[SA19142] Owl Intranet Engine "xrms_file_root" File Inclusion Vulnerability
TITLE: Owl Intranet Engine "xrms_file_root" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19142 VERIFY ADVISORY: http://secunia.com/advisories/19142/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Owl Intranet Engine 0.x http://secunia.com/product/1579/...
USN-260-1: flex vulnerability
Chris Moore discovered a buffer overflow in a particular class of lexicographical scanners generated by flex. This could be exploited to execute arbitrary code by processing specially crafted user-defined input to an application that uses a flex scanner for parsing. This flaw particularly affects...
Privilege escalation
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" forward slash after the file extension...