5314 matches found
WebLogic source code disclosure
There is a bug in the Weblogic web application. Namely, by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. OpenVAS Vulnerability Test $Id: consolehelp.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: WebLogic source code disclosure Authors: John Lampe...
Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail
The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less - . This product is subject to multiple XSS, HTML and SQL injection, and PHP source code disclosure vulnerabilities. OpenVAS Vulnerability Test $Id:...
ASP source using %20 trick
It is possible to get the source code of the remote ASP scripts by appending %20 at the end of the request like GET /default.asp%20 ASP source code usually contains sensitive information such as logins and passwords. OpenVAS Vulnerability Test $Id: aspsourcespace.nasl 8023 2017-12-07 08:36:26Z...
Oracle 9iAS OWA UTIL access
Oracle 9iAS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. These procuedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...
WebLogic Server /%00/ bug
Requesting a URL with SPDX-FileCopyrightText: 2001 StrongHoldNet Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:weblogicserver"; ifdescription...
ASP/PHP '%20' Source Code Disclosure Vulnerability - Active Check
Multiple products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi SPDX-FileCopyrightText: New code / detection methods since 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
MondoSoft MondoSearch < 4.4.5156 'msmmask.exe' Source Disclosure Vulnerability - Active Check
MondoSoft MondoSearch is prone to a source code disclosure vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVSWeb detection
CVSWeb is used by hosts to share programming source code. Some web sites are misconfigured and allow access to their sensitive source code without any password protection. This plugin tries to detect the presence of a CVSWeb CGI and when it finds it, it tries to obtain its version...
WebLogic source code disclosure
There is a bug in the Weblogic web application. Namely, by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Microsoft IIS UNC Mapped Virtual Host Vulnerability
Your IIS webserver allows the retrieval of ASP/HTR source code. An attacker can use this vulnerability to see how your pages interact and find holes in them to exploit. OpenVAS Vulnerability Test $Id: iisuncmappedvirthostvuln.nasl 6046 2017-04-28 09:02:54Z teissa $ Description: Microsoft IIS UNC...
CVE-2005-3293
Xerver 4.17 allows remote attackers to 1 obtain source code of scripts via a request with a trailing "." dot or 2 list directory contents via a trailing null character...
CVE-2005-3293
CVE-2005-3293 affects Xerver before v4.20. Two information-disclosure vectors are described: (1) appending a trailing dot to a script URL to obtain its source code, and (2) sending a request with a trailing null character (%00) to list directory contents. Evidence from NVD/CVE records confirms vu...
CVE-2005-3293
Xerver 4.17 allows remote attackers to 1 obtain source code of scripts via a request with a trailing "." dot or 2 list directory contents via a trailing null character...
[SA17218] PHP-Nuke NukeFixes Addon "file" Local File Inclusion Vulnerability
TITLE: PHP-Nuke NukeFixes Addon "file" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA17218 VERIFY ADVISORY: http://secunia.com/advisories/17218/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: NukeFixes 3.x addon for PHP-Nuke...
Sun Java System Application Server (Sun ONE) JSP source code disclosure
No description provided...
[SA17164] Sun Java System Application Server JSP Source Code Disclosure
TITLE: Sun Java System Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA17164 VERIFY ADVISORY: http://secunia.com/advisories/17164/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Sun Java System Application Server Sun ONE 7...
[SA17174] versatileBulletinBoard Cross-Site Scripting and SQL Injection
TITLE: versatileBulletinBoard Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA17174 VERIFY ADVISORY: http://secunia.com/advisories/17174/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information WHERE: From...
[SA17117] aeNovo Cross-Site Scripting and SQL Injection Vulnerabilities
TITLE: aeNovo Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA17117 VERIFY ADVISORY: http://secunia.com/advisories/17117/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: aeNovo...
Opty2
Opty2 multi-byte NOP generator This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/nop/opty2' Opty2 ----- This class implements single-byte NOP generation for X86. It takes from ADMmutate and from spoonfu...
[SA16934] IPB Riverdark RSS Syndicator Module Cross-Site Scripting
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...