5313 matches found
CVE-2000-0683
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /.shtml/ into the URL, which invokes the SSIServlet...
CVE-2000-0630
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability...
CVE-2000-0630
Summary: IIS 4.0 and 5.0 can disclose fragments of source code by requesting a known file with an appended +.htr, via the ISAPI-based .HTR handling in IIS. What’s affected: Microsoft Internet Information Services (IIS) 4.0/5.0, specifically the mechanism that processes .HTR ISAPI scripts (ISM.DLL)...
CVE-2000-0682
BEA WebLogic 5.1.x is affected by a source-code disclosure vulnerability: inserting /ConsoleHelp/ into a URL can cause the FileServlet to disclose source files. Multiple sources (NVD entry CVE-2000-0682 and OpenVAS/Nessus plugins) describe this WebLogic FileServlet source code disclosure issue. T...
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
CVE-2000-0652
The CVE-2000-0652 entry describes a vulnerability in IBM WebSphere where remote attackers can read source code of executable web files by directly invoking the default InvokerServlet with a URL containing the string “/servlet/file.” This is a network-accessible issue that exposes partial confiden...
DST2K0032.txt
Delphis Consulting Plc Security Team Advisories 19/09/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...
TalentSoft Web+ Client/Monitor/server 4.6 - Source Code Disclosure
source: https://www.securityfocus.com/bid/1722/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. Web+ can be used to display the source code of WML files residing on an NTFS partition by appending certain data to the known WML file. This...
TalentSoft Web+ ClientMonitorserver 4.6 - Source Code Disclosure
TalentSoft Web+ ClientMonitorserver 4.6 - Source Code Disclosure source: https://www.securityfocus.com/bid/1722/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. Web+ can be used to display the source code of WML files residing on an NTFS...
AnyPortal(php)-0.1 Vulnerability
AnyPortalphp-0.1 Vulnerability Date: 08/09/2000 Author: zorgon [email protected] Web: http://www.nightbird.free.fr Introduction Secure Reality Pty Ltd. has publishe...
Hole in SiteMinder
Using a specially crafted URL, it is possible to gain access to protected documents; in addition, the source code of CGI applications can be obtained...
format string bug in muh
Hi, muh is an IRC bouncer, a program that will allow you to use any host you have a shell on as a relay between you and IRC. Moreover, muh stays connected when you are not, and can log any message you receive. The muh official homepage is : http://mind.riot.org/muh/. The latest version, 2.05d and...
@stake Advisory: SuSE Apache CGI Source Code Viewing (A090700-2)
@stake, Inc. www.atstake.com www.cerberus-infosec.co.uk Security Advisory Release Date: 09/07/2000 Application: Apache 1.3.9/12 Platform: SuSE Linux 6.3 and 6.4 Severity: An attacker can gain access to source code of CGI scripts. As such they may be...
Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way. This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or...
Microsoft IIS Translate f: ASP/ASA Source Disclosure
There is a serious vulnerability in Windows 2000 unpatched by SP1 that allows an attacker to view ASP/ASA source code instead of a processed file. ASP source code can contain sensitive information such as usernames and passwords for ODBC connections. This script was written by...
Hole in IIS patched (Specialized Header)
With a certain HTTP request header, it was possible to obtain the source code of an ASP application...
Check Point Software Firewall-1 3.0/1 4.0/1 4.1 - Session Agent Dictionary Attack (1)
source: https://www.securityfocus.com/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a connection back to the client machine. Upon doing so, it will prompt for a username...
Microsoft IIS 5.0 - Translate: f Source Disclosure (1)
Microsoft IIS 5.0 - Translate: f Source Disclosure 1 source: https://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, process them...
Microsoft IIS 5.0 - Translate: f Source Disclosure (2)
Microsoft IIS 5.0 - Translate: f Source Disclosure 2 source: https://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, process them...
FS-072800-9-BEA.txt
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic force handlers show code vulnerability FS Advisory ID: FS-072800-9-BEA Release Date: July 28, 2000 Product: WebLogic...