Yahoo!: readble .htaccess + Source Code Disclosure (+ .SVN repository)

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

[Netsparker v3.2] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting XSS, Remote Code Executi...

[Arachni v0.4.4] The Web Application Security Scanner Framework

Arachni is a Free/Open Source project, the code is released under the Apache License Version 2.0 and you are free to use it as you see fit. Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible...

Resin Application Server 4.0.36 XSS / Source Code Disclosure

Resin Application Server version 4.0.36 suffers from a cross site scripting / source code disclosure vulnerabilities. Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional...

Resin Application Server 4.0.36 - Source Code Disclosure

Resin Application Server 4.0.36 - Source Code Disclosure Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java...

Resin Application Server 4.0.36 - Source Code Disclosure

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...

Resin Application Server 4.0.36 Source Code Disclosure

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability

Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description The vulnerability is caused do to an improper sanitization of the 'fil...

Microsoft IIS 6. 0 and 7. 5 multiple vulnerabilities and the use of method-vulnerability warning-the black bar safety net

Microsoft IIS 6.0 install PHP to bypass authentication vulnerability Microsoft IIS with PHP 6.0, which is on PHP5 in Windows Server 2 0 0 3 SP1 test detail: An attacker can send a special request is sent to the IIS 6.0 Service, successfully bypass access restrictions The attacker can access the...

CVE-2013-0467

IBM Eclipse Help System IEHS, as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL...

Kerio WinRoute Firewall Web Server Remote Source Code Disclosure

By sending specially crafted requests with a NULL byte followed by an extension such as '.txt', an unauthenticated, remote attacker can obtain the source code of PHP files available through the version of Kerio WinRoute Firewall installed on the remote host. %NASLMINLEVEL 70300 C Tenable Network...

IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE

THIS IS A GENUINE ISOWAREZ RELEASE ------------------------------------------------------------------------------------------------------------------------------------------------------------ Title: Microsoft IIS 6.0 with PHP installed Authentication Bypass Affected software: Microsoft IIS 6.0 wi...

Microsoft IIS 6.0/7.5 Multiple Vulnerabilities(Authentication Bypass)

No description provided by source. THIS IS A GENUINE ISOWAREZ RELEASE ------------------------------------------------------------------------------------------------------------------------------------------------------------ Title: Microsoft IIS 6.0 with PHP installed Authentication Bypass...

Microsoft IIS 6.0 and 7.5 Multiple Vulnerabilities

Exploit for windows platform in category remote exploits THIS IS A GENUINE ISOWAREZ RELEASE ------------------------------------------------------------------------------------------------------------------------------------------------------------ Title: Microsoft IIS 6.0 with PHP installed...

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

Critical: Red Hat Security Advisory: php security update

Updated php packages that fix one security issue are now available for Red Hat Application Stack v2. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Kerio WinRoute Firewall Web Server Remote Source Code Disclosure Vulnerability

Kerio WinRoute Firewall is prone to a remote source-code- disclosure vulnerability because it fails to properly sanitize user- supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks. Version...

Kerio WinRoute Firewall Source Code Disclosure

Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://winroute.ru/keriowinroutefirewall.htm Version: prior to 6 Tested on: Microsoft Windows CV...

Critical: Red Hat Security Advisory: php security update

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability...