CVE-1999-0253

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . dot in the URL...

CVE-1999-0286

The CVE describes a vulnerability in some NT web servers where appending a trailing space to a URL allows attackers to read the source of active pages, enabling complete confidentiality compromise. Documented by multiple sources (NVD, Red Hat, CVE list) with no publicly documented fix/version pro...

Cat Soft Serv-U FTP Server 2.5/a/b (Windows 95/98/2000/NT 4.0) - Shortcut

Cat Soft Serv-U 2.5/a/b,Windows 2000 Advanced Server/2000 Datacenter Server/2000 Professional/2000 Server/2000 Terminal Services/95/98/NT 4.0/NT Enterprise Server 4.0/NT Server 4.0/NT Terminal Server 4.0/NT Workstation 4.0 Shortcut Vulnerability source: https://www.securityfocus.com/bid/970/info...

CVE-1999-0725

The affected product is Microsoft IIS. When IIS runs with a default language set to Chinese, Korean, or Japanese, a remote attacker can view the source code of certain files (described as the Double Byte Code Page issue). The Red Hat entry and other mirrors confirm the same behavior. The root c...

CVE-1999-0745

Buffer overflow in Source Code Browser Program Database Name Server Daemon pdnsd for the IBM AIX C Set ++ compiler...

CVE-1999-0154

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL...

PT-1999-1008 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS versions 2.0 through 3.0 Description: The issue allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL. Recommendations: For IIS versions 2.0 through 3.0, consider restricting access to AS...

CVE-1999-0278

Microsoft IIS ASP::$DATA ASP Source Disclosure: remote attackers can obtain ASP source by appending '::$DATA' to the URL. Affected: IIS hosting ASP scripts. Root cause: information disclosure via URL handling in IIS. Exploitation details: not provided in the supplied documents. Remediation: no pa...

proftpd_exploit.txt

Subject: ProFTPD To: [email protected] / !!!! Private .. ... distribute !!!! proftpd-1.2.0 remote root exploit beta2 Still need some code, but it works fine Offset: Linux Redhat 6.0 0 - proftpd-1.2.0pre1 0 - proftpd-1.2.0pre2 0 - proftpd-1.2.0pre3 If this dont work, try changing the align...

cfdecrypt.txt

Subject: Re: New Allaire Security Zone Bulletins and KB Articles To: [email protected] On Tue May 25 1999, James Stephens wrote: At 03:00 PM 5/24/99 -0700, [email protected] wrote: ASB99-08: Pages Encrypted with CFCRYPT.EXE Can Be Illegally Decrypted Has anyone seen the program that...

CVE-1999-0745

Buffer overflow in Source Code Browser Program Database Name Server Daemon pdnsd for the IBM AIX C Set ++ compiler...

msie.5.0.javascript.dos.txt

Date: Mon, 31 May 1999 16:18:02 GMT From: THR - To: [email protected] Subject: Exploit in Internet Explorer 5.0 Hi everyone! I have found a bug which will freeze Internet Explorer 5.0 I know that there are many bugs that will crasch browsers but what makes this one special is the following: In...

tcpwrapper-backdoor.txt

Date: Thu, 21 Jan 1999 11:38:17 -0500 From: Wietse Venema To: [email protected] Subject: backdoored tcp wrapper source code TCP Wrappers is a widely-used security tool to protect UNIX systems against intrusion. In has an estimated installed base of millions. Today someone replaced the tcp...

netscape-cache-exploit.txt

Below is source code for the two versions of the Netscape Cache exploit that was recently discovered by Dan Brumleve , as found on his web site at http://www.shout.net/nothing/cache-cow/index.html First version , and then second version listed. -----snip----- !/usr/bin/perl cache-cow.cgi -- Dan...

ms.iis4.showcode.txt

L0pht Security Advisory ------------- URL Origin: http://www.l0pht.com/advisories.html Release Date: May 7th, 1999 Application: Microsoft IIS 4.0 Web Server Severity: Web users can view ASP source code and other sensitive files on the web server Author: [email protected] Operating Sys: Microsoft NT...

Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access

Internet Information Server IIS 4.0 ships with a set of sample files to help web developers learn about Active Server Pages ASP. One of these sample files, 'showcode.asp' installed in /msadc/Samples/SELECTOR/, is designed to view the source code of the sample applications via a web browser. The...

Microsoft IIS 3.04.0 - Double Byte Code Page

Microsoft IIS 3.04.0 - Double Byte Code Page source: https://www.securityfocus.com/bid/477/info This vulnerability could allow a web site viewer to obtain the source code for .asp and similar files if the server's default language Input Locale is set to Chinese, Japanese or Korean. How this works...

Microsoft IIS 3.0/4.0 - Double Byte Code Page

source: https://www.securityfocus.com/bid/477/info This vulnerability could allow a web site viewer to obtain the source code for .asp and similar files if the server's default language Input Locale is set to Chinese, Japanese or Korean. How this works is as follows: IIS checks the extension of t...

Microsoft IIS 4.0 / Microsoft Site Server 3.0 - Showcode ASP

source: https://www.securityfocus.com/bid/167/info A sample Active Server Page ASP script installed by default on Microsoft's Internet Information Server IIS 4.0 gives remote users access to view any file on the same volume as the web server that is readable by the web server. IIS 4.0 installs a...

Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files

source: https://www.securityfocus.com/bid/230/info The File System Object FSO may be called from an Active Server Page ASP to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this synta...