5313 matches found

Tenable Nessus
added 2004/12/09 12:0 a.m. | 42 views

Apache on Mac OS X HFS+ Arbitrary File Source Disclosure

The remote host seems to be running Mac OS X or Mac OS X Server. There is a flaw in the remote web server that allows an attacker to obtain the source code of any given file on the remote web server by reading it through its data fork directly. An attacker may exploit this flaw to obtain the sour...

7.5 CVSS | 5.7 AI score | 0.01905 EPSS
Exploits 0 | References 2

0day.today
added 2004/11/16 12:0 a.m. | 75 views

MiniShare Remote Buffer Overflow Exploit (c source)

Exploit for unknown platform in category remote exploits =================================================== MiniShare Remote Buffer Overflow Exploit c source =================================================== / email protected:/Exploits/minishare$ ./mini-exploit 10.20.30.2 MiniShare remote buff...

7.1 AI score
Exploits 0

Exploit DB
added 2004/10/25 12:0 a.m. | 28 views

win xp/2000/2003 Download File and Exec 241 bytes

win xp/2000/2003 Download File and Exec 241 bytes. Shellcode exploit for win32 platform / ----------------------------------------------------------------------- downloadurlv31.c - Download file and exec shellcode for Overflow exploit Copyright C 2000-2004 HUC All Rights Reserved. Author : lion :...

7.4 AI score
Exploits 0

securityvulns
added 2004/10/15 12:0 a.m. | 35 views

Multiple Macromedia JRun bugs

DoS, source code leakage, session hijacking, cross-site scripting, buffer overflow...

4.3 CVSS | 2.3 AI score | 0.02024 EPSS
Exploits 0 | References 8 | Affected Software 2

CERT
added 2004/10/12 12:0 a.m. | 13 views

Macromedia JRun Server contains an information disclosure vulnerability

Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...

7 AI score
Exploits 0 | References 3

Tenable Nessus
added 2004/09/29 12:0 a.m. | 29 views

Debian DSA-170-1 : tomcat4 - source code disclosure

A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security...

5 CVSS | 5.4 AI score | 0.67271 EPSS
Exploits 1 | References 2

CVE
added 2004/09/01 4:0 a.m. | 51 views

CVE-2002-1528

CVE-2002-1528 concerns the MondoSearch product where the msmmask.exe CGI can disclose script source via the mask parameter. The vulnerability affects MondoSearch 4.4 and older builds, enabling an attacker to read files from the webserver’s directories, which is an information disclosure issue. Op...

5 CVSS | 6.8 AI score | 0.00718 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2004/09/01 4:0 a.m. | 14 views

CVE-2002-1528

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter...

6.7 AI score | 0.00718 EPSS
Exploits 1 | References 3

CVE
added 2004/09/01 4:0 a.m. | 61 views

CVE-2002-1156

CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...

5 CVSS | 6.4 AI score | 0.38519 EPSS
Exploits 0 | References 17 | Affected Software 1

CVE
added 2004/09/01 4:0 a.m. | 72 views

CVE-2002-1148

CVE-2002-1148 refers to a vulnerability in Apache Tomcat where the default servlet (org.apache.catalina.servlets.DefaultServlet) on Tomcat 4.0.4, 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. Connected sources (GHSA and OSS/ID...

5 CVSS | 6.4 AI score | 0.67271 EPSS
Exploits 1 | References 10 | Affected Software 1

CVE
added 2004/09/01 4:0 a.m. | 74 views

CVE-2002-1394

Apache Tomcat 4.x: vulnerability allows remote disclosure of server source code when using both the invoker servlet and the default servlet (Tomcat 4.0.5 and earlier). Root cause is exposure of server files through misconfigured/default servlet handling; impact is read access to source code and p...

7.5 CVSS | 6.5 AI score | 0.05353 EPSS
Exploits 0 | References 11 | Affected Software 1

Tenable Nessus
added 2004/08/26 12:0 a.m. | 31 views

Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities

The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. Such versions are potentially affected by multiple cross-site scripting, HTML and SQL injection, and PHP source code disclosure vulnerabilities. %NASLMINLEVEL 70300 Th...

7.5 CVSS | 5.6 AI score | 0.09092 EPSS
Exploits 3 | References 5

Tenable Nessus
added 2004/08/20 12:0 a.m. | 11 views

Apache Tomcat 4.0.x < 4.0.5 / 4.1.x < 4.1.11 JSP Source Code Disclosure

Binary data 1463.pasl...

5 CVSS | 7.3 AI score | 0.67271 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2004/08/20 12:0 a.m. | 9 views

WebLogic FileServlet Source Code Disclosure

Binary data 1631.prm...

5 CVSS | 7.3 AI score | 0.00599 EPSS
Exploits 0 | References 3

RedHat Linux
added 2004/08/18 2:44 p.m. | 57 views

Important: Red Hat Security Advisory: kernel security update

Updated Itanium kernel packages that fix a number of security issues are now available. The Linux kernel handles the basic functions of the operating system. This kernel updates several important drivers and fixes a number of bugs including potential security vulnerabilities. Paul Starzetz...

7.2 CVSS | 5.8 AI score | 0.00306 EPSS
Exploits 11 | References 9

Tenable Nessus
added 2004/08/18 12:0 a.m. | 29 views

BEA WebLogic < 5.1.0 SP8 Hex-encoded Request JSP Source Disclosure

Binary data 1525.prm...

7.3 AI score
Exploits 0 | References 1

Exploit DB
added 2004/08/13 12:0 a.m. | 121 views

ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local Overflow

/ This is simple local exploit Proof of Concept? for local bug in ProFTPd not in default options must be configured with option --enable-ctrls. Bug exist in function pr_ctrls_connect in file "src/ctrls.c", look: "src/ctrls.c" int prctrlsconnectconst char socketfile ... struct sockaddrun clsock,...

7.4 AI score
Exploits 0

NVD
added 2004/08/06 4:0 a.m. | 15 views

CVE-2004-0495

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool...

7.2 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits 0 | References 12

exploitpack
added 2004/07/17 12:0 a.m. | 9 views

Merak Mail Server 7.4.5 - calendar.html?schedule SQL Injection

Merak Mail Server 7.4.5 - calendar.html?schedule SQL Injection source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - ...

0.2 AI score
Exploits 0

Exploit DB
added 2004/07/17 12:0 a.m. | 28 views

Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerability - A PHP source code disclosure...

7 AI score
Exploits 0