5313 matches found
Source code retrival in Sambar
It's possible to get source code by adding space with NULL symbol to filename...
[NT] Sambar Webserver Serverside Fileparse Bypass
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...
Microsoft IIS 5.0 - 'CodeBrws.asp' Source Code Disclosure
source: https://www.securityfocus.com/bid/4525/info Microsoft IIS 5.0 ships with a sample script that may be used to view the source code of other scripts in the sample scripts /IISSAMPLES directory. However, this script CodeBrws.asp does not adequately filter unicode representations of directory...
Microsoft IIS 5.0 - CodeBrws.asp Source Code Disclosure
Microsoft IIS 5.0 - CodeBrws.asp Source Code Disclosure source: https://www.securityfocus.com/bid/4525/info Microsoft IIS 5.0 ships with a sample script that may be used to view the source code of other scripts in the sample scripts /IISSAMPLES directory. However, this script CodeBrws.asp does no...
CVE-2001-1222
Plesk Server Administrator PSA 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain...
CVE-2001-1222
Plesk Server Administrator (PSA) 1.0 is affected by CVE-2001-1222: remote attackers can obtain PHP source code by issuing an HTTP request that includes the target IP address and a valid domain account name. The vulnerability is documented in NVD with a medium impact score (CVSSv2: AV:N/AC:L/Au:N/...
CVE-2001-1140
BadBlue Personal Edition v1.02 beta is affected by CVE-2001-1140, where remote attackers can read source code of executables by adding a null byte (%00) to the request. The vulnerability is exploitable over a network with low attack complexity and no authentication, causing partial confidentialit...
CVE-2001-1222
Plesk Server Administrator PSA 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain...
CVE-2001-0590
CVE-2001-0590 affects Apache Tomcat Servlet prior to 3.2.2. A malformed URL request that does not end with a protocol (e.g., HTTP/1.0) can cause a remote attacker to read the source code of arbitrary JSP files, constituting information disclosure. The issue is confirmed in multiple sources tying ...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview Oracle 9i Application Server 9iAS allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...
Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for JSP file, it...
Perl2Exe 1.0 95.0 26.0 - Code Obfuscation
Perl2Exe 1.0 95.0 26.0 - Code Obfuscation source: https://www.securityfocus.com/bid/6909/info Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectatio...
CVE-2002-1603
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, , %2f encoded /, %20 encoded space, or %00 encoded null character, which returns the ASP source code unparsed...
JSP translation file access under Oracle 9iAS
NGSSoftware Insight Security Research Advisory Name: OracleJSP Systems Affected: Oracle 9iAS Platforms: All Operating Systems Severity: Medium/High Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Date: 6th February 2002 Advisory number: NISR06022002C Advisory...
CVE-2001-0926
CVE-2001-0926 affects Allaire JRun 2.3.3, 3.0, and 3.1. The flaw arises in the SSI filter: an HTTP request for a non-existent SSI page carrying an #include statement can cause the server to disclose its web root files, enabling remote attackers to obtain source code for JavaServer Pages (.jsp) an...
CVE-2001-0926
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages .jsp and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an include statement...
[Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
mutt-1.2.5.1 and mutt-1.3.25 have just been released. These releases both fix a security hole which can be remotely exploited. The problem was found and a fix suggested by Joost Pol [email protected]. Thanks for that. mutt-1.2.5.1 is released as an update to the last stable version of mutt,...
OpenBSD ftp Exploit (teso)
Exploit for bsd platform in category local exploits ========================== OpenBSD ftp Exploit teso ========================== / 7350-crocodile - x86/OpenBSD ftp exploit by lorian and scut / TESO=20 TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO...
OpenBSD - ftp Local Overflow
OpenBSD - ftp Local Overflow / 7350-crocodile - x86/OpenBSD ftp exploit by lorian and scut / TESO=20 TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed t...
OpenBSD - 'ftp' Local Overflow
/ 7350-crocodile - x86/OpenBSD ftp exploit by lorian and scut / TESO=20 TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties, copied or...