561 matches found
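NaviCOPA Web Server Remote Heap Overflow and Source Code Disclosure Vulnerabilities
BUGTRAQ ID: 33585 NaviCOPA Web Server is a web server installed on Windows systems that can automatically configure HTTP access. If a remote attacker submits an overly long HTTP GET request to NaviCOPA Web Server, a heap overflow can be triggered, leading to arbitrary code execution; in addition, submitting a specially crafted HTTP request containing a dot character to the server can disclose the source code of PHP scripts. InterVations NaviCOPA Web Server 3.01 Vendor patch: InterVations ------------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...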
NaviCOPA Trailing Dot Source Code Disclosure
The version of the NaviCOPA web server software running on the remote host returns the source of scripts hosted on it if the URL ends in a dot '.'. A remote attacker can leverage this issue to view the source code of CGIs and possibly obtain passwords and other sensitive information from this hos...
SuSE Update for mono-web SUSE-SA:2007:002
Check for the Version of mono-web OpenVAS Vulnerability Test $Id: gbsuse2007002.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for mono-web SUSE-SA:2007:002 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
FreeLyrics 1.0 (source.php p) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ================================================================== FreeLyrics 1.0 source.php p Remote File Disclosure Vulnerability ================================================================== FreeLyrics Remote Source Code Disclosure...
FreeLyrics 1.0 - Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure Piker FreeLyrics Remote Source Code Disclosure Vulnerability Affected software: FreeLyrics Vendor: http://lyrics.sourceforge.net/ Risk: Medium http://target/path/source.php?p=FILE PoC: http://target/path/source.php?p=config.php Found by Piker...
A simple php source code disclosure vulnerability excavations-vulnerability warning-the black bar safety net
We know that in ASP the most common flaw is SQL injection, but in PHP, when magic_quotes_gpc is on, special characters are escaped, so even where SQL injection exists it often cannot be used. PHP's powerful file operation functions, however, let us experience in asp c...
Minigal b13 (index.php list) Remote File Disclosure Exploit
Exploit for unknown platform in category web applications =========================================================== Minigal b13 index.php list Remote File Disclosure Exploit =========================================================== ?php settimelimit0; function findpass$data $pass =...
Ipswitch WhatsUp Professional Multiple Vulnerabilities
The remote web server is affected by multiple flaws. Description : The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues...
Ipswitch WhatsUp Professional Multiple Vulnerabilities
Deprecated since it didn SPDX-FileCopyrightText: 2008 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.80068";...
Gentoo Security Advisory GLSA 200804-19 (php-toolkit)
The remote host is missing updates announced in advisory GLSA 200804-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200804-19 (php-toolkit)
The remote host is missing updates announced in advisory GLSA 200804-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
myblog-multi.txt
www.BugReport.ir AmnPardaz Security Research Team Title: MyBlog =0.9.8 Multiple Vulnerabilities Vendor: http://crewdesign.co.uk & http://sourceforge.net/projects/myblog Exploit: Available Vulnerable Version: 0.9.8 Impact: High Fix: N/A Original Advisory: www.bugreport.ir/?/49 1. Description:...
Information disclosure
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...
CVE-2008-1111
CVE-2008-1111 affects lighttpd 1.4.18 through the mod_cgi path. When a fork failure occurs, lighttpd may return the source code of the CGI script instead of a 500 error, potentially allowing remote attackers to obtain sensitive information (information disclosure). Connected documents indicate re...
bloofox-multi.txt
WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! -...
Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure
WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! -...
Bloofox 0.3 (SQL/FD) Multiple Remote Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected...
Bloofox 0.3 (SQL/FD) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ==================================================== Bloofox 0.3 SQL/FD Multiple Remote Vulnerabilities ==================================================== WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilitie...
Bitweaver wiki/edit.php suck_url Parameter Traversal Source Code Disclosure
The remote host is running Bitweaver, an open source content management system written in PHP. The version of this software installed on the remote host fails to sanitize input to the 'suck_url' parameter of the 'wiki/edit.php' script of directory traversal sequences. An unauthenticated attacker c...
MODx CMS 0.9.6.1 Multiple Remote Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with browser...