5335 matches found
Inktomi Search Software 3.0 - Source Disclosure
source: https://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultrseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form: http://target:8765/somefile.html/ will return the source to...
CVE-2000-1052
The CVE-2000-1052 entry concerns Allaire JRun 2.3 server. Affected component: SSIFilter servlet. Root cause: remote attackers can directly invoke the SSIFilter servlet to obtain source code for executable content, leading to partial confidentiality impact. The public description states exposure o...
Caucho Technology Resin 1.2 - JSP Source Disclosure
source: https://www.securityfocus.com/bid/1986/info Resin is a servlet and JSP engine that supports java and javascript. ServletExec will return the source code of JSP files when an HTTP request is appended with certain characters. This vulnerability is dependent on the platform that Resin is...
Disclosure of JSP source code with ServletExec AS v3.0c + web instance
Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...
Unify eWave ServletExec 3 - .JSP Source Disclosure
source : https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. ServletExec will return the source code of JSP files when a HTTP request is appended with one of...
HP-UX 11.0 pppd Stack Buffer Overflow Exploit
Exploit for hp-ux platform in category local exploits ============================================= HP-UX 11.0 pppd Stack Buffer Overflow Exploit ============================================= / Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / /...
[SECURITY] New version of tcpdump released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman November 20, 2000 - ------------------------------------------------------------------------ Package: tcpdump Vulnerability:...
iis.asp.txt
NtWaK0 Bug / Security / Advisory Saturday, October 21, 2000 IIS 5 and using ..%c0%af../winnt/system32/cmd.exe?/c+type+c: To Read any ASP source Code of the server o Synopsis Based on http://www.wiretrip.net/rfp/p/doc.asp?id=57&iface=2 I done some research and found that that ..%c0%af.. can be use...
Allaire JRun 2.3 - File Source Code Disclosure
Allaire JRun 2.3 - File Source Code Disclosure source: https://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed UR...
Allaire JRun 2.3 - File Source Code Disclosure
source: https://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed URL using the SSIFilter servlet, a remote user wi...
CVE-2000-0778
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability...
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
CVE-2000-0671
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character %00 to the URL...
CVE-2000-0778
CVE-2000-0778 affects Microsoft IIS (IIS 5.0/5.1). Vulnerability arises from an information-disclosure flaw where an HTTP Translate: f header allows remote attackers to obtain ASP/ASA source code. Affected products include Windows IIS; root cause is improper handling of the Translate header leadi...
CVE-2000-0671
The vulnerability CVE-2000-0671 affects Roxen Web Server prior to 2.0.69. An attacker can insert a null character (%00) into the URL to bypass access restrictions, list directory contents, and read source code, resulting in information disclosure. Affected component: Roxen Web Server (versions
CVE-2000-0778
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability...
CVE-2000-0499
BEA WebLogic 3.1.8–4.5.1 is affected. The default configuration allows a remote attacker to view the source code of a JSP program by requesting a URL that exposes the JSP extension in upper case. Root cause: default config enables exposing JSP source. Impact: confidentiality of JSP source could b...
CVE-2000-0683
BEA WebLogic 5.1.x is affected by an information-disclosure vulnerability where remote attackers can read the source code of parsed JSP pages by injecting /*.shtml/ into the URL, which invokes the SSIServlet. The underlying cause is JSP/SSIServlet invocation that allows viewing source code, leadi...
CVE-2000-0500
The CVE-2000-0500 entry affects BEA WebLogic 5.1.0; the default configuration allows a remote attacker to view source code by requesting a URL beginning with /file/, causing the default servlet to display the file without processing. The available sources consistently describe this behavior; no e...
CVE-2000-0682
BEA WebLogic 5.1.x is affected by a source-code disclosure vulnerability: inserting /ConsoleHelp/ into a URL can cause the FileServlet to disclose source files. Multiple sources (NVD entry CVE-2000-0682 and OpenVAS/Nessus plugins) describe this WebLogic FileServlet source code disclosure issue. T...