561 matches found

CVE
added 2006/03/13 7:0 p.m., 50 views

CVE-2006-0819

CVE-2006-0819 affects Dwarf HTTP Server 1.3.2. A validation error in the requested URL filename extension (dot/space/slash/NULL characters) allows remote disclosure of JSP source. Secunia also notes unsanitized error responses enabling XSS. Mitigation: update to version 1.3.3.

CVSS 7.8, AI score 6.7, EPSS 0.01118
Exploits 0, References 9, Affected Software 1
securityvulns
added 2006/03/13 12:0 a.m., 38 views

Multiple Dwarf HTTP Server vulnerabilities

Cross-site scripting, scripts source code disclosure...

AI score 0.5
Exploits 0, References 1, Affected Software 1
CVE
added 2006/03/06 11:0 p.m., 48 views

CVE-2006-0815

Summary of CVE-2006-0815: Affects NetworkActiv Web Server 3.5.15. The vulnerability arises from improper validation of filename extensions when a forward slash is included in a URL, enabling a remote attacker to disclose the source code of scripts hosted on the server (information disclosure). I...

CVSS 5, AI score 6.6, EPSS 0.00572
Exploits 0, References 7, Affected Software 1
CVE
added 2006/03/06 9:0 p.m., 48 views

CVE-2006-0949

RaidenHTTPD 1.1.47 is vulnerable to information disclosure via crafted requests containing dot, space, and slash characters that allow remote attackers to obtain source code of script files (e.g., PHP). The underlying issue is inadequate validation of URL filename extensions. A fix is to upgrade ...

CVSS 5, AI score 6.8, EPSS 0.00763
Exploits 0, References 6, Affected Software 1
NVD
added 2005/12/28 11:3 a.m., 12 views

CVE-2005-4550

The PORTAL schema in Oracle Application Server OracleAS Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a dfnextpage parameter with a trailing null byte (%00)...

CVSS 5, AI score 6.5, EPSS 0.51367
Exploits 1, References 6
exploitpack
added 2005/12/23 12:0 a.m., 15 views

oracle Application server discussion forum portlet - Multiple Vulnerabilities

oracle Application server discussion forum portlet - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The...

AI score 7.6
Exploits 0
Exploit DB
added 2005/12/23 12:0 a.m., 36 views

oracle Application server discussion forum portlet - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/16048/info Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The following specific vulnerabilities were identified: The application is prone to a cross-site scripting vulnerability. Discussion Forum Portle...

AI score 7.4
Exploits 0
Cvelist
added 2005/12/22 12:0 a.m., 19 views

CVE-2005-4473

Unspecified vulnerability in Macromedia JRun 4 web server JWS allows remote attackers to view web application source code via "a malformed URL."...

AI score 6.8, EPSS 0.00478
Exploits 0, References 5
CVE
added 2005/12/10 11:0 a.m., 50 views

CVE-2005-4147

The TCLHTTPd component of Lyris ListManager (pre-8.9b) is vulnerable: remote attackers can obtain source code for arbitrary .tml TCL files via a request containing a trailing null byte (%00), with a possible authentication bypass involving a username ending in “@”. Affected product/version: ListM...

CVSS 6.5, AI score 7.3, EPSS 0.01156
Exploits 1, References 8, Affected Software 1
Cvelist
added 2005/12/04 10:0 p.m., 12 views

CVE-2004-2636

TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL...

AI score 6.8, EPSS 0.04147
Exploits 1, References 5
securityvulns
added 2005/11/21 12:0 a.m., 26 views

[SA17659] Jetty JSP Source Code Disclosure Vulnerability

TITLE: Jetty JSP Source Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA17659 VERIFY ADVISORY: http://secunia.com/advisories/17659/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Jetty 5.x http://secunia.com/product/6169/ DESCRIPTION: A...

AI score 0.4
Exploits 0
OpenVAS
added 2005/11/03 12:0 a.m., 29 views

WebLogic source code disclosure

There is a bug in the Weblogic web application. Namely, by inserting a /ConsoleHelp/ into a URL, critical source code files may be viewed. OpenVAS Vulnerability Test $Id: consolehelp.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: WebLogic source code disclosure Authors: John Lampe...

CVSS 5, AI score 6.7, EPSS 0.00599
Exploits 0, References 1
OpenVAS
added 2005/11/03 12:0 a.m., 23 views

Multiple Vulnerabilities in Merak Webmail / IceWarp Web Mail

The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. This product is subject to multiple XSS, HTML and SQL injection, and PHP source code disclosure vulnerabilities. OpenVAS Vulnerability Test $Id:...

CVSS 7.5, EPSS 0.09092
Exploits 3, References 9
OpenVAS
added 2005/11/03 12:0 a.m., 39 views

ASP/PHP '%20' Source Code Disclosure Vulnerability - Active Check

Multiple products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi SPDX-FileCopyrightText: New code / detection methods since 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...

AI score 6.1
Exploits 0, References 2
OpenVAS
added 2005/11/03 12:0 a.m., 34 views

MondoSoft MondoSearch < 4.4.5156 'msmmask.exe' Source Disclosure Vulnerability - Active Check

MondoSoft MondoSearch is prone to a source code disclosure vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5, AI score 6.7, EPSS 0.00718
Exploits 1, References 1
NVD
added 2005/10/23 10:2 a.m., 15 views

CVE-2005-3293

Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character...

CVSS 5, AI score 6.8, EPSS 0.1387
Exploits 1, References 7
CVE
added 2005/10/23 4:0 a.m., 49 views

CVE-2005-3293

CVE-2005-3293 affects Xerver before v4.20. Two information-disclosure vectors are described: (1) appending a trailing dot to a script URL to obtain its source code, and (2) sending a request with a trailing null character (%00) to list directory contents. Evidence from NVD/CVE records confirms vu...

CVSS 5, AI score 6.9, EPSS 0.1387
Exploits 1, References 7, Affected Software 1
securityvulns
added 2005/10/13 12:0 a.m., 20 views

[SA17164] Sun Java System Application Server JSP Source Code Disclosure

TITLE: Sun Java System Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA17164 VERIFY ADVISORY: http://secunia.com/advisories/17164/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Sun Java System Application Server Sun ONE 7...

AI score 0.3
Exploits 0
securityvulns
added 2005/09/09 12:0 a.m., 25 views

[Full-disclosure] 3 minor vulnerabilities in IPSwitch products

The following 3 minor vulnerabilities were found in the products Whatsup Gold 8.04 and WhatsUp Small Business 2004 Ipswitch Whatsup Gold 8.04 - Access to view source code of all files CIRT-34-advisory Ipswitch Whatsup Gold 8.04 - Cross Site Scripting CIRT-35-advisory Ipswitch Whatsup small Busines...

Exploits 0
Tenable Nessus
added 2005/09/08 12:0 a.m., 75 views

Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1)

There is a serious vulnerability in IIS 5.1 that allows an attacker to view ASP/ASA source code instead of a processed file, when the files are stored on a FAT partition. ASP source code can contain sensitive information such as usernames and passwords for ODBC connections. %NASLMINLEVEL 70300 C...

CVSS 5, AI score 5.6, EPSS 0.78624
Exploits 0, References 2