5313 matches found
Caucho Technology Resin 1.2 - JSP Source Disclosure
source: https://www.securityfocus.com/bid/1986/info Resin is a servlet and JSP engine that supports Java and JavaScript. ServletExec will return the source code of JSP files when an HTTP request is appended with certain characters. This vulnerability is dependent on the platform that Resin is...
Disclosure of JSP source code with ServletExec AS v3.0c + web instance
Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...
Unify eWave ServletExec 3 - .JSP Source Disclosure
source: https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. ServletExec will return the source code of JSP files when an HTTP request is appended with one of...
HP-UX 11.0 pppd Stack Buffer Overflow Exploit
Exploit for hp-ux platform in category local exploits ============================================= HP-UX 11.0 pppd Stack Buffer Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / /...
[SECURITY] New version of tcpdump released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman November 20, 2000 - ------------------------------------------------------------------------ Package: tcpdump Vulnerability:...
iis.asp.txt
NtWaK0 Bug / Security / Advisory Saturday, October 21, 2000 IIS 5 and using ..%c0%af../winnt/system32/cmd.exe?/c+type+c: To Read any ASP source Code of the server o Synopsis Based on http://www.wiretrip.net/rfp/p/doc.asp?id=57&iface=2 I did some research and found that ..%c0%af.. can be use...
Allaire JRun 2.3 - File Source Code Disclosure
source: https://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed URL using the SSIFilter servlet, a remote user wi...
Allaire JRun 2.3 - File Source Code Disclosure
source: https://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed UR...
CVE-2000-0778
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability...
CVE-2000-0671
Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character %00 to the URL...
CVE-2000-0500
The CVE-2000-0500 entry affects BEA WebLogic 5.1.0; the default configuration allows a remote attacker to view source code by requesting a URL beginning with /file/, causing the default servlet to display the file without processing. The available sources consistently describe this behavior; no e...
CVE-2000-0778
CVE-2000-0778 affects Microsoft IIS (IIS 5.0/5.1). Vulnerability arises from an information-disclosure flaw where an HTTP Translate: f header allows remote attackers to obtain ASP/ASA source code. Affected products include Windows IIS; root cause is improper handling of the Translate header leadi...
CVE-2000-0521
Savant web server vulnerability CVE-2000-0521 allows remote disclosure of CGI source by requesting the original CGI form. The OpenVAS NASL description: “Savant original form CGI access” states that attackers can download the unprocessed CGI, exposing sensitive information stored inside those scri...
CVE-2000-0671
The vulnerability CVE-2000-0671 affects Roxen Web Server prior to 2.0.69. An attacker can insert a null character (%00) into the URL to bypass access restrictions, list directory contents, and read source code, resulting in information disclosure. Affected component: Roxen Web Server (versions
CVE-2000-0497
The CVE-2000-0497 issue affects IBM WebSphere server 3.0.2, where a remote attacker can view the source code of a JSP program by requesting a URL that serves a JSP extension in upper case. The root cause is case-insensitive handling of JSP extensions, allowing source disclosure over the network. ...
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing...
CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0683
BEA WebLogic 5.1.x is affected by an information-disclosure vulnerability where remote attackers can read the source code of parsed JSP pages by injecting /*.shtml/ into the URL, which invokes the SSIServlet. The underlying cause is JSP/SSIServlet invocation that allows viewing source code, leadi...
CVE-2000-0499
BEA WebLogic 3.1.8–4.5.1 is affected. The default configuration allows a remote attacker to view the source code of a JSP program by requesting a URL that exposes the JSP extension in upper case. Root cause: default config enables exposing JSP source. Impact: confidentiality of JSP source could b...