561 matches found
Netref 4 (cat_for_aff.php) Source Code Disclosure Exploit
Exploit for unknown platform in category web applications ========================================================= Netref 4 catforaff.php Source Code Disclosure Exploit ========================================================= option.php Reader 'Script Name: Netref 4 catforaff.php Source Code...
Netref 4 - cat_for_aff.php Source Code Disclosure
Netref 4 - catforaff.php Source Code Disclosure option.php Reader 'Script Name: Netref 4 catforaff.php Source Code Disclosure 'Coded by : ajann 'Author : ajann 'Contact : : 'ExploitName: exploit4.asp 'Note : exploit file name =exploit4.asp 'Note :...
Netref 4 - 'cat_for_aff.php' Source Code Disclosure
option.php Reader 'Script Name: Netref 4 catforaff.php Source Code Disclosure 'Coded by : ajann 'Author : ajann 'Contact : : 'ExploitName: exploit4.asp 'Note : exploit file name =exploit4.asp 'Note : http://target/path/script/catforaff.php?addirect=../etc/passwd |etc... 'Using : Write Target afte...
[SA22000] Feedsplitter Script Insertion and Local File Inclusion
TITLE: Feedsplitter Script Insertion and Local File Inclusion SECUNIA ADVISORY ID: SA22000 VERIFY ADVISORY: http://secunia.com/advisories/22000/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Feedsplitter...
CVE-2006-4549
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified...
[SA21690] Webmin / Usermin Cross-Site Scripting and Source Code Disclosure
TITLE: Webmin / Usermin Cross-Site Scripting and Source Code Disclosure SECUNIA ADVISORY ID: SA21690 VERIFY ADVISORY: http://secunia.com/advisories/21690/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of sensitive information WHERE: From remote SOFTWARE: Webmin 1.x...
CVE-2006-4110
CVE-2006-4110 affects Apache 2.2.2 running on Windows. An information-disclosure vulnerability arises when the CGI directory is within the document root: requests that alter the case of the directory name bypass the ScriptAlias handler on a case-insensitive filesystem, allowing attackers to read ...
CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...
Multiple eserv IMAP mail server and web server vulnerabilities
IMAP server directory traversal, HTTP scripts source code disclosure...
Code injection
The viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter...
CVE-2006-2437
The viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter...
CVE-2006-2357
CVE-2006-2357 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp, leading to partial confidentiality impact. The NVD entry lists a Netw...
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues, including source code disclosure and cross-site scripting...
CVE-2006-2248
CVE-2006-2248 affects Xeneo Web Server 2.2.22.0. The issue allows remote attackers to obtain the source code of script files by sending crafted requests that include dot, space, and slash characters in the file extension. This is a direct information disclosure vulnerability affecting the server’...
osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability
No description provided by source. ---- osCommerce = 2.2 "extras/" information/source code disclosure ------------ software site: http://www.oscommerce.com/ if extras/ folder is placed inside the www path, you can see all files on target system, including php source code with database details, po...
osCommerce 2.2 - 'extras' Source Code Disclosure
---- osCommerce \n"; print nl2brhtmlentitiesimplode$readme, ' '; print "Continue\n"; print "\n"; exit; ... google search: inurl:"extras/update.php" intext:mysql.php -display -------------------------------------------------------------------------------- rgod site: http://retrogod.altervista.org...
CVE-2006-1598
Summary: CVE-2006-1598 affects AN HTTPD 1.42n and possibly earlier versions (before 1.42p). Vulnerability: Remote attackers can obtain the source code of scripts by sending crafted requests that exploit specific dot and space characters in the file extension. Impact: Information disclosure (confi...
CVE-2006-1483
Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via 1 . dot, 2 space, and 3 slash characters in the extension of a URL...
Design/Logic Flaw
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via 1 . dot and 2 space characters in the extension of a URL...
Orion < 2.0.7 Crafted Filename Extension Source Code Disclosure
Binary data 3486.prm...