5313 matches found

CVE
added 2003/07/25 4:0 a.m., 36 views

CVE-2003-0423

Apple QuickTime/Darwin Streaming Server’s parse_xml.cgi vulnerability (CVE-2003-0423) allows remote access to the source code of files via /parse_xml.cgi?filename=[file] for DS 4.1.3g and earlier. The issue is caused by Web root script disclosure, with no fix available at the time and Apple inves...

CVSS 5 | AI score 6.3 | EPSS 0.00587
Exploits: 1 | References: 2 | Affected Software: 1
securityvulns
added 2003/07/02 12:0 a.m., 19 views

ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.

just downloaded ezbounce, quick audit yielded this format bug. the bug exists from version 1.0 to current1.04a-stable/1.50-pre6-beta at the time. the bug occurs inside the "sessions" command. most of the details are explained in the exploit comments. pretty much explains how to get the addresses...

AI score 7.5
Exploits: 0
NVD
added 2003/06/30 4:0 a.m., 10 views

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

CVSS 7.5 | AI score 7.6 | EPSS 0.07111
Exploits: 1 | References: 7
Exploit DB
added 2003/06/23 12:0 a.m., 29 views

VisNetic WebMail 5.8.6 .6 - Information Disclosure

source: https://www.securityfocus.com/bid/8018/info VisNetic WebMail is prone to an information disclosure vulnerability. Reportedly, by appending a dot '.' character to the end of a URI request to WebMail, the source code of PHP files may be returned in the web browser...

AI score 7.4
Exploits: 0
securityvulns
added 2003/06/18 12:0 a.m., 28 views

jboss .jsp source code leakage

By adding 00 to URL it's possible to obtain source code of .jsp page...

AI score 1
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2003/06/11 4:0 a.m., 69 views

CVE-2003-0411

CVE-2003-0411 affects Sun ONE Application Server 7.0 on Windows 2000/XP. A remote attacker can obtain JSP source code by requesting a file with the uppercase extension ".JSP" instead of ".jsp". The provided documents do not specify a patch version or remediation; exploitation details are not desc...

CVSS 7.5 | AI score 7.6 | EPSS 0.07111
Exploits: 1 | References: 7 | Affected Software: 1
Cvelist
added 2003/06/11 4:0 a.m., 15 views

CVE-2003-0411

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension...

AI score 7.6 | EPSS 0.07111
Exploits: 1 | References: 7
Tenable Nessus
added 2003/06/11 12:0 a.m., 112 views

BEA WebLogic FileServlet Source Code Disclosure

The version of the WebLogic web application installed on the remote host contains a flaw such that by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. %NASLMINLEVEL 70300 This script was written by John [email protected] Modifications by Tenable Network...

CVSS 5 | AI score 5.6 | EPSS 0.00599
Exploits: 0 | References: 2
Tenable Nessus
added 2003/06/03 12:0 a.m., 165 views

JBoss %00 Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by appending a NULL character to the name of the JSP files requested eg, 'foo.jsp%00'. An attacker may use this flaw to get the source code of scripts on the remote host and possibly obtain passwords and other...

AI score 5.7
Exploits: 0 | References: 1
Packet Storm
added 2003/06/03 12:0 a.m., 96 views

JBoss.txt

Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "%00" shows the source code of this JSP. Seems to be a forgotten debug feature :- http://192.168.0.4:8080/web-console/ServerInfo.jsp%00 Sincerely Marc Schoenefeld...

AI score 7.4
Exploits: 0
securityvulns
added 2003/06/02 12:0 a.m., 19 views

JBOSS 3.2.1: JSP source code disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "00" shows the source code of this JSP. Seems to be a forgotten debug feature :-...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2003/05/28 12:0 a.m., 145 views

Sun ONE Application Server Upper Case Request JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a different case ie: filename.JSP instead of filename.jsp. An attacker may use this flaw to get the source code of your CGIs and possibly obtain passwords and other relevant...

CVSS 7.5 | AI score 5.6 | EPSS 0.07111
Exploits: 1 | References: 1
securityvulns
added 2003/05/28 12:0 a.m., 24 views

Multiple Vulnerabilities in Sun-One Application Server

Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...

AI score 6.9
Exploits: 0
Packet Storm
added 2003/05/28 12:0 a.m., 34 views

sunone.txt

Multiple Vulnerabilities in Sun-One Application Server ------------------------------------------------------- Release Date: May 27, 2003 System Affected Sun-ONE Application Server 7.0 for Windows 2000/XP Description During a brief audit of a SunONE Application Server installation on Windows 2000...

AI score 7.4
Exploits: 0
Exploit DB
added 2003/05/27 12:0 a.m., 30 views

Sun ONE Application Server 7.0 - Source Disclosure

source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...

AI score 7.4
Exploits: 0
exploitpack
added 2003/05/27 12:0 a.m., 8 views

Sun ONE Application Server 7.0 - Source Disclosure

Sun ONE Application Server 7.0 - Source Disclosure source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the serv...

AI score 7.4
Exploits: 0
securityvulns
added 2003/05/26 12:0 a.m., 62 views

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

AI score 0.7
Exploits: 0
securityvulns
added 2003/05/22 12:0 a.m., 30 views

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

AI score 0.7
Exploits: 0
Tenable Nessus
added 2003/05/08 12:0 a.m., 167 views

BEA WebLogic SSIServlet Invocation Source Code Disclosure

BEA WebLogic may be tricked into revealing the source code of JSP scripts by prefixing the path to the .jsp files by /.shtml/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script is based on BEAweblogicRevealsourcecode.nasl Script audit and contributions from Carmichael Security Erik...

CVSS 5 | AI score 5.5 | EPSS 0.00599
Exploits: 0 | References: 3
0day.today
added 2003/04/25 12:0 a.m., 19 views

MS Windows SMB Authentication Remote Exploit

Exploit for unknown platform in category remote exploits ============================================ MS Windows SMB Authentication Remote Exploit ============================================ Exploit for "Authentication flaw in Windows SMB protocol" Release Date: April 24, 2003 Code by Haamed...

AI score 7.1
Exploits: 0