AN HTTPD 1.42 Arbitrary Log Content Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs may result in...

oracle application server discussion forum portlet Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The application is prone to a cross-site scripting...

IBM Websphere Application Server 2.0./3.0/3.0.2 .1 Showcode Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1500/info Certain versions of the IBM WebSphere application server ship with a vulnerability which allows malicious users to view the source of any document which resides in the web document root directory. This is possib...

Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA to an asp being requested, the ASP source will be returne...

Merak Mail Server 7.4.5 settings.html Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...

Merak Mail Server 7.4.5 attachment.html attachmentpage_text_error Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...

Juergen Weigert screen 3.9 User Supplied Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1641/info Various format string vulnerabilities exist in versions 3.9.5 and prior of 'screen' that may allow local users to elevate their privileges. If screen is setuid root, it is possible to alter the contents of the...

Inktomi Search Software 3.0 Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultrseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:...

Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability

No description provided by source. Title : Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory : http://secpod.org/blog/?p=481...

eXtremail <= 2.1.1 PLAIN authentication Remote Stack Overflow Exploit

No description provided by source. / extremail-v6.c Copyright c 2006 by [email protected] eXtremail =2.1.1 remote root exploit x86-lnx by mu-b - Wed Oct 18 2006 - Tested on: eXtremail 2.1.1 lnx eXtremail 2.1.0 lnx Stack overflow in ifParseAuthPlain - Private Source Code -DO NOT DISTRIBUTE -...

Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1514/info An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not attempt to use that...

Thatware <= 0.4.6 (root_path) Remote File Include Vulnerability

No description provided by source. Thatware 0.4.6 rootpath Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware0.4.6.tar.gz Page Affect config.php ExP:...

ProFTPD 1.3.3c - Compromised Source Remote Root Trojan

No description provided by source. == ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server a...

Microsoft IIS 3.0/4.0 Double Byte Code Page Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/477/info This vulnerability could allow a web site viewer to obtain the source code for .asp and similar files if the server's default language Input Locale is set to Chinese, Japanese or Korean. How this works is as...

Kolibri+ Webserver 2 - Remote Source Code Disclosure Vulnerability

No description provided by source. Name : Kolibri+ Webserver 2 , Remote file disclousure exploit Author : Skull-HacKeR Download Page : http://download.cnet.com/Kolibri-WebServer/3000-102484-10896378.html?tag=mncol Attack type : Remote Exploitation Exploit: http://127.0.0.1/default.asp...

Michael Lamont Savant WebServer 2.1 CGI Source Code Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a GET request for a CGI script to the Savant Web Server discloses the source code of the script. telnet target 80 GET /cgi-bin/script.xyz HTTP/1.0 proper script execution/output GE...

BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1378/info Within WebLogic Server and WebLogic Express there are four main java servlets registered to serve different kind of files. A default servlet exists if a requested file does not have an assigned servlet. If an ht...

IBM HTTP Server 1.3.x Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' is appended to...

Whale Communications e-Gap Security Appliance 2.5 Login Page Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of th...

Perception LiteServe 2.0 CGI Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further...