5313 matches found

RedHat Linux
added 2003/04/09 8:14 p.m., 4 views

Important: Red Hat Security Advisory: tomcat security update for Stronghold

Updated tomcat packages are now available for Stronghold 4.0 to close a second JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code exposure vulnerability...

CVSS 7.5, AI score 5.9, EPSS 0.05353
Exploits 0, References 1

securityvulns
added 2003/04/05 12:0 a.m., 28 views

Phorum 3.4 Cross Site Scripting

Description: It is possible to insert javascript code in a message and execute it. 1. go to a phorum 2. click on new topic 3. enter any name 4. enter any email 5. enter a title in the way like this "scriptalert "Vulnerable";/script 6. enter any text 7. click the preview button 8. click the send...

AI score 1.5
Exploits 0

CVE
added 2003/04/02 5:0 a.m., 53 views

CVE-2002-0300

CVE-2002-0300 affects gnujsp 1.0.0 and 1.0.1. The vulnerability allows remote attackers to list directories, read the source code of certain scripts, and bypass access restrictions by directly requesting a target file from the gnujsp servlet; the issue stems from a limitation of JServ and the ser...

CVSS 5, AI score 6.8, EPSS 0.05112
Exploits 0, References 5, Affected Software 1

CVE
added 2003/04/02 5:0 a.m., 39 views

CVE-2002-0737

CVE-2002-0737 affects the Sambar Web Server prior to 5.2 beta 1. An attacker can remotely obtain source code of server-side scripts or trigger a denial of service by exploiting a flaw in URL parsing when a URL ends with a space followed by a null byte. This occurs because the server misinterprets...

CVSS 6.4, AI score 6.9, EPSS 0.10635
Exploits 1, References 6, Affected Software 1

Cvelist
added 2003/04/02 5:0 a.m., 15 views

CVE-2002-0737

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service resource exhaustion via DOS devices, using a URL that ends with a space and a null character...

AI score 6.9, EPSS 0.10635
Exploits 1, References 6

Cvelist
added 2003/04/02 5:0 a.m., 15 views

CVE-2002-1025

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed...

AI score 6.8, EPSS 0.01771
Exploits 1, References 6

Cvelist
added 2003/04/02 5:0 a.m., 24 views

CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts...

AI score 6.6, EPSS 0.00668
Exploits 0, References 7

Tenable Nessus
added 2003/03/22 12:0 a.m., 52 views

Apache Tomcat Directory Listing and File Disclosure

Apache Tomcat prior to 3.3.1a is affected by a directory listing and file disclosure vulnerability. By requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present or obtain unprocessed source code for a JSP file. Also note...

CVSS 5, AI score 5.5, EPSS 0.55831
Exploits 0, References 2

CVE
added 2003/03/18 5:0 a.m., 41 views

CVE-2002-1451

The vulnerability CVE-2002-1451 affects the Blazix web server (Java-based) prior to version 1.2.2. An HTTP request that ends with a "+" or a backslash "\" can disclose the JSP source code or list restricted directories, enabling partial disclosure of sensitive data. The threat is described as rem...

CVSS 5, AI score 6.8, EPSS 0.05784
Exploits 1, References 4, Affected Software 1

RedHat Linux
added 2003/03/03 9:16 a.m., 8 views

Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold

Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for mod_proxy and the mod_authz_ldap package. Stronghold 4 cross platform contains a number of open source technologies suc...

CVSS 7.5, AI score 7, EPSS 0.2626
Exploits 8, References 4

exploitpack
added 2003/03/03 12:0 a.m., 16 views

CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval

CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval // source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard...

AI score 0.3
Exploits 0

Exploit DB
added 2003/03/03 12:0 a.m., 27 views

CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval

// source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard configured to generate Java applets to password protect pages. Specifically, t...

AI score 7.4
Exploits 0

securityvulns
added 2003/03/03 12:0 a.m., 39 views

sendmail 8.12.8 available

Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.8. It contains a fix for a critical security problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force for bringing this problem to our attention. Sendmail urges al...

AI score 7.4
Exploits 0

securityvulns
added 2003/02/14 12:0 a.m., 33 views

Lotus Domino Source code disclosure

Additional dot in URL allows page source code access...

AI score 2.5
Exploits 0, References 1, Affected Software 1

securityvulns
added 2003/02/14 12:0 a.m., 45 views

Lotus Domino DOT Bug Allows for Source Code Viewing

Through some testing against some Lotus Domino web servers verified in version 5 & 6, if you append a period to the end of a non-default Lotus file type non .NSF, .NTF, etc via your browser URL request, you will be prompted to download the file. This has a possible repercussion of the ability to...

AI score 7.1
Exploits 0

securityvulns
added 2003/02/01 12:0 a.m., 62 views

Apache Tomcat multiple bugs

Multiple vulnerabilities allow directory browsing and source code disclosure...

AI score 2
Exploits 0, References 1, Affected Software 1

CVE
added 2003/01/29 5:0 a.m., 63 views

CVE-2003-0042

CVE-2003-0042 affects Apache Jakarta Tomcat up to version 3.3.1a when used with JDK 1.3.1 or earlier. The vulnerability lets remote attackers cause directory listings and disclose JSP/source via a URL containing a null character, bypassing index.html or other welcome-file safeguards. Root cause i...

CVSS 5, AI score 6.5, EPSS 0.55831
Exploits 0, References 10, Affected Software 1

Cvelist
added 2003/01/29 5:0 a.m., 23 views

CVE-2003-0042

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...

AI score 6.5, EPSS 0.55831
Exploits 0, References 10

CERT
added 2003/01/21 12:0 a.m., 34 views

Concurrent Versions System (CVS) server improperly deallocates memory

Overview A "double-free" vulnerability in the Concurrent Versions System CVS server could allow a remote attacker to execute arbitrary code or commands or cause a denial of service on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source...

CVSS 7.5, AI score 7.4, EPSS 0.37007
Exploits 1, References 5

RedHat Linux
added 2003/01/20 9:19 p.m., 22 views

Critical: Red Hat Security Advisory: cvs security update

Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 CVS is a...

CVSS 7.5, AI score 6.1, EPSS 0.37007
Exploits 1, References 3