5313 matches found
IBM WebSphere default servlet handler showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere default servlet handler showcode vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072400-6-IBM Release Date: July 24, 2000 Product: IBM...
CVE-2000-0652
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string...
IBM Websphere Application Server 2.0./3.0/3.0.2.1 - Showcode
source: https://www.securityfocus.com/bid/1500/info Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory. This is possible via a flaw which allows a defau...
IBM Websphere Application Server 2.0.3.03.0.2.1 - Showcode
IBM Websphere Application Server 2.0.3.03.0.2.1 - Showcode source: https://www.securityfocus.com/bid/1500/info Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root...
CVE-2000-0630
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability...
Microsoft IIS 4.05.0 - Source Fragment Disclosure
Microsoft IIS 4.05.0 - Source Fragment Disclosure source: https://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp or .asa, .ini, e...
Microsoft IIS 4.0/5.0 - Source Fragment Disclosure
source: https://www.securityfocus.com/bid/1488/info Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp or .asa, .ini, etc file. Appending this string causes the request ...
The MDMA Crew's GateKeeper Exploit
I covered a flaw in Gatekeeper 3.5 about a month ago. Well, Gatekeeper 3.6 is out now, and I'm assuming it's fixed, so it's safe to release some exploit code. Find the Java src and the bytecode attached. Cheers, Wizdumb...
CVE-2000-0396
CVE-2000-0396 affects the add.exe component of the Carello shopping cart software. The vulnerability allows remote attackers to duplicate files on the server, which could enable reading source code of web scripts such as .ASP files. The NVD entry lists a MEDIUM base score (5.0) with network impac...
CVE-2000-0396
The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files...
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing...
BEA Systems WebLogic Express 3.1.845 - Source Code Disclosure
BEA Systems WebLogic Express 3.1.845 - Source Code Disclosure source: https://www.securityfocus.com/bid/1378/info Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have a...
BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure
source: https://www.securityfocus.com/bid/1378/info Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet. If an http request is made that includes...
IBM WebSphere JSP showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere Application Server ---------------------------------------------------------------------- FS Advisory ID: FS-061200-3-IBM Release Date: June 12, 2000 Product: WebSphere Application Server Vendo...
CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0497
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0498
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
Potential vulnerability in Unify eWave ServletExec
Niclas Vikstrom [email protected] brought this to my attention. Unify eWave ServletExec http://www.servletexec.com/ is a Java Server Pages JSP processing environment which runs on IIS amongst a variety of other platforms and OS'. JSP is similar to ASP in that it allows server-side source...
Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure
source: https://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script. telnet target 80 GET /cgi-bin/script.xyz HTTP/1.0 GET /cgi-bin/script.xyz...
CVE-2000-0004
ZBServer Pro (CVE-2000-0004) exposes a partial confidentiality impact by allowing remote attackers to read source code of executable files when a dot is inserted into the URL. This is a network-accessible issue with low attack complexity and no authentication required, aligning with a CVSS v2 bas...