CVE-1999-0154

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL...

CVE-1999-1540

shell-lock in Cactus Software Shell Lock uses weak encryption trivial encoding which allows attackers to easily decrypt and obtain the source code...

CVE-1999-1540

CVE-1999-1540 affects Cactus Software Shell Lock, where weak encryption (trivial encoding) enables local attackers to decrypt and obtain the source code. According to NVD, the baseline impact is Partial confidentiality with no integrity or availability impact, and the exploit is local with low ov...

PGPsdk Key Validity Vulnerability

http://www.pgp.com/support/product-advisories/pgpsdk.asp A vulnerability in PGP's display of key validity has been discovered that could allow an attacker to fool users into thinking that a valid signature was created by what is actually an invalid user ID. If the attacker can obtain a signature ...

CVE-2001-0693

CVE-2001-0693 affects WebTrends HTTP Server 3.1c and 3.5, where a remote attacker can view script source by requesting a filename followed by an encoded space (%20). The underlying issue is an information disclosure vulnerability in the server’s handling of URL paths. The CVSS vector indicates ne...

CVE-2001-0709

Vulnerability summary (CVE-2001-0709): Microsoft IIS 4.0 and earlier, when installed on a FAT partition, is susceptible to remote disclosure of ASP source code. An attacker can obtain the source by requesting a URL encoded with Unicode. The description in the provided documents confirms the expos...

CVE-2001-0693

WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space %20...

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

-- iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory -- BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability Problem discovered: 22/08/2001 -- Overview -- BadBlue http://badblue.com/ is a tiny, free download that lets you share files, search...

Получение исходного текста CGI в Bad Blue (source code retrieval)

Додбавив 00 к имени файла PHP или CGI можно получить его исходный код...

BSDi (3.0/3.1) reboot machine code as any user (non-specific)

this is something from a little while back. thought i might as well post it for some sort of use, generally a pretty minimal problem. has similar effects to the old f00f bug. except this reboots the machine, instead of having a freezing effect. original source: http://realhalo.org/killbsdi.c --...

OmniHTTPd Encoded Space Request Script Source Disclosure

OmniHTTPd is affected by a vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' to a script's suffix, the web server will no longer interpret it and instead send it back as a simple document in the same manner as...

hypo_linksys_advisory.txt

:UPDATE hypoclear security advisory UPDATE: Update Note: Thanks to the guys on the vuln-watch list who helped with a better solution! Vendor : Linksys | http://www.linksys.com/ Product : EtherFast 4-Port Cable/DSL Router Category : Design Flaw Date : 08-02-01 Update : 08-02-01 CONTENTS 1. Overvie...

Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options

Overview The telnetd program is a server for the telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access. Description There is a remotely...

OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a

OpenSSL Security Advisory 10 July 2001 WEAKNESS OF THE OpenSSL PRNG IN VERSIONS UP TO OpenSSL 0.9.6a ------------------------------------------------------------- CONTENTS: - Synopsis - Detailed problem description - Solution - Impact - Source code patch - Acknowledgement OpenSSL 0.9.6b has been...

Дырки в нескольких Web-серверах (buffer overflow, source code disclosure)

Переполнения буфера и другие дырки...

Получение исходного кода страницы в Perception LiteServe (source code retrieval)

Можно получить исходный текст страницы используя имена в формате 8.3...

CVE-2001-0446

IBM WCS WebSphere Commerce Suite 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL...

ScreamingMedia SITEWare source code disclosure vulnerability

FS Advisory ID: FS-061201-18-SMSW Release Date: June 11, 2001 Product: ScreamingMedia SITEWare Vendor: ScreamingMedia Inc. http://www.screamingmedia.com Vendor Advisory: http://www.screamingmedia.com/security/sms1001.php Type: Source code disclosure vulnerability Severity: High Author: Mike Shema...

BSD - TelnetD Remote Command Execution (1)

BSD - TelnetD Remote Command Execution 1 / 7350854 - x86/bsd telnetd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third...

BSD - 'TelnetD' Remote Command Execution (1)

/ 7350854 - x86/bsd telnetd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties, copied or duplicated in any form, in...