5313 matches found
CVE-2001-1511
JRun 3.0 and 3.1 running on JRun Web Server JWS and IIS allows remote attackers to read arbitrary JavaServer Pages JSP source code via a request URL containing the source filename ending in 1 "jsp%00" or 2 "js%2570"...
IRM Security Advisory 002: Netware Web Server Source Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 002 Netware Web Server 5.1 Sample Page Source Disclosure Vulnerablity Type / Importance: Information Leakage / High Problem discovered: November 18th 2001...
Solaris /bin/login (SPARC/x86) - Remote Code Execution
/ 7350963 - /bin/login remote root explot SPARC/x86 TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. C COPYRIGHT TESO Security, 2001 All Rights Reserved bug found by scut 2001/12/20 thanks to halvar,scut,typo,random,edi,xdr. special thanks to...
Solaris /bin/login Remote Root Exploit (SPARC/x86)
Exploit for linux platform in category remote exploits ================================================== Solaris /bin/login Remote Root Exploit SPARC/x86 ================================================== / 7350963 - /bin/login remote root explot SPARC/x86 TESO CONFIDENTIAL - SOURCE MATERIALS Th...
JRun SSI Request Body Parsing
Vulnerable Products: JRun Java application server from Allaire. All current versions with latest security patches as of November 2001 are believed to be affected, including 2.3.3, 3.0, and 3.1. Impact: Revealing of source code to Java Server Pages, and other protected files inside the web root...
Buffer overflow in Python code
Hi, I've found buffer overflow in Python 2.1.1 source code. Maybe there're many others The buffer overflow is in the file traceback.c in the directory Python of the Python source code. Simply there's a sprintf done in this way: sprintflinebuf,FMT,filename,lineno,name What cause the overflow is th...
IBM AS/400 HTTP Server '/' attack
IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as an .html or .jsp page -- by attaching an '/' to the end of a URL. Compare these two URL's: http://www.foo.com/getsource.jsp http://www.foo.com/getsource.jsp/ The later URL wil...
IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure
IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as a .html or .jsp page -- by attaching an '/' to the end of a URL. %NASLMINLEVEL 70300 This script was written by Felix Huber Script audit and contributions from Carmichael...
IBM HTTP Server 1.3.x - Source Code Disclosure
IBM HTTP Server 1.3.x - Source Code Disclosure source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' i...
IBM HTTP Server 1.3.x - Source Code Disclosure
source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' is appended to the end of a request for an...
CVE-2001-0795
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as 1 upper case letters or 2 8.3 file names...
CVE-2001-0778
OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space %20...
CVE-2001-0795
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as 1 upper case letters or 2 8.3 file names...
CVE-2001-0778
Affected software: OmniHTTPd (OmniPro HTTPd) up to 2.08. Vulnerability: remote attackers can disclose source code of scripting files by sending a URL with an encoded space (%20); the flaw is not present for CGI directories (cgibin/cgi-win). Impact: information disclosure of script/source files (c...
CVE-2001-0795
Perception LiteServe 1.25 is affected by CVE-2001-0795. Remote attackers can obtain the source code of CGI scripts by requesting URLs that contain MS‑DOS conventions, such as uppercase letters or 8.3 file names. The PT-2001-1972 advisory notes a vulnerability in Perception LiteServe 1.25 and prov...
results of semi-automatic source code audit
/ results of semi-automatic source code audit of a majority of php based open-source projects registered at Freshmeat.net or Sourceforge.net release date: 2001-10-02 authors: atil [email protected] genetics [email protected] yaht@ircnet, Yet Another Hacker Team / --=introduction=-- ph...
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...
CVE-2001-0693
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space %20...
CVE-2001-0004
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...
CVE-2001-0004
This CVE concerns IIS 4.0/5.0 where an attacker can cause the server to disclose file contents by sending a crafted GET request that appends %3F+.htr, causing the target file to be parsed as an .HTR ISAPI extension. Impact: unauthenticated remote disclosure of potentially sensitive files within t...