5314 matches found
[SA15818] Dynamic Biz Website Builder Admin Login SQL Injection
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
[SA15783] Whois.Cart Cross-Site Scripting and Local File Inclusion
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
CVE-2002-1744
The connected CVE records confirm a directory traversal in CodeBrws.asp for Microsoft IIS 5.0. The vulnerable component is CodeBrws.asp (IIS 5.0), with the underlying issue caused by a hex-encoded "+%c0%ae%c0%ae+" sequence representing ".." that allows remote attackers to view source code and det...
CVE-2002-1745
CVE-2002-1745 concerns an off-by-one error in the CodeBrws.asp sample script bundled with Microsoft IIS 5.0. The vulnerability allows remote attackers to view source code for files with extensions that contain one extra character after .html, .htm, .asp, or .inc (e.g., .aspx). Root cause is an of...
CVE-2002-1745
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files...
CVE-2005-2008
CVE-2005-2008 affects Yaws Webserver 1.55 and earlier. A remote attacker can obtain the source code of yaw scripts by requesting a .yaws script with a trailing %00 (null). The root cause is a null-byte handling issue in script requests. Impact is information disclosure of script source; no integr...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 null...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 null...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 null...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 null...
[Full-disclosure] Source Code Disclosure in Yaws Webserver <1.56
SEC-CONSULT Security Advisory 20050616-0 ======================================================================= title: Source Code Disclosure in Yaws Webserver program: Yaws Webserver vulnerable version: 1.55 and earlier homepage: http://yaws.hyber.org found: 2005-06-01 by: M. Eiszner /...
YAWS < 1.56 Script File Source Code Disclosure
Binary data 3019.prm...
Yaws 1.5x - Source Code Disclosure
Yaws 1.5x - Source Code Disclosure source: https://www.securityfocus.com/bid/13981/info A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code. Information obtained in this manner may be used by the attacker to launch further attacks against a...
Yaws Webserver source code leak
00 at the end of executable file allows to see it's content...
Yaws 1.5x - Source Code Disclosure
source: https://www.securityfocus.com/bid/13981/info A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code. Information obtained in this manner may be used by the attacker to launch further attacks against a vulnerable system. Yaws 1.55 and prior...
Yaws Web Server .yaws Script Null Byte Request Source Code Disclosure
The remote host is running the Yaws web server. The remote version of this software is vulnerable to a source code disclosure issue. By requesting a '.yaws' script following by %00, an attacker may force the remote server to disclose the source code of that script. Since scripts may contain...
[SA15515] ZonGG "password" SQL Injection Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
CVE-2005-1656
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space "%20"...
CVE-2005-1656
Mercur Messaging 2005 SP2 is affected by CVE-2005-1656. An attacker can read the source code of .ctml files by issuing a URL containing a trailing hex-encoded space ("%20"). Affected product: Mercur Messaging 2005 SP2. Underlying issue: the vulnerability allows partial disclosure of data via craf...
CVE-2005-1656
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space "%20"...