561 matches found
CVE-2004-2213
CVE-2004-2213 affects the Mbedthis AppWeb HTTP server prior to 1.1.3. An HTTP request containing a trailing dot "." or trailing space can disclose the server-side source code of scripts to a remote attacker. The description indicates the vulnerability path is via crafted requests, enabling partia...
CVE-2004-2213
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a 1 trailing dot "." or 2 trailing space in an HTTP request...
CVE-2002-1986
Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 null...
[Full-disclosure] Source Code Disclosure in Yaws Webserver <1.56
SEC-CONSULT Security Advisory 20050616-0 ======================================================================= title: Source Code Disclosure in Yaws Webserver program: Yaws Webserver vulnerable version: 1.55 and earlier homepage: http://yaws.hyber.org found: 2005-06-01 by: M. Eiszner /...
Yaws 1.5x - Source Code Disclosure
Yaws 1.5x - Source Code Disclosure source: https://www.securityfocus.com/bid/13981/info A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code. Information obtained in this manner may be used by the attacker to launch further attacks against a...
Yaws 1.5x - Source Code Disclosure
source: https://www.securityfocus.com/bid/13981/info A vulnerability has been reported in Yaws that may result in the disclosure of script files' source code. Information obtained in this manner may be used by the attacker to launch further attacks against a vulnerable system. Yaws 1.55 and prior...
Yaws Web Server .yaws Script Null Byte Request Source Code Disclosure
The remote host is running the Yaws web server. The remote version of this software is vulnerable to a source code disclosure issue. By requesting a '.yaws' script following by %00, an attacker may force the remote server to disclose the source code of that script. Since scripts may contain...
CVE-2005-1366
Pico Server (pServ) up to version 3.2 is affected by an information-disclosure flaw that lets remote attackers obtain the source code of CGI scripts. The vulnerability arises from a flawed CGI-bin path check: requesting URLs like somedir/../cgi-bin can cause the server to return the CGI source in...
PServ 3.2 - Source Code Disclosure
PServ 3.2 - Source Code Disclosure source: https://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory. Information...
PServ 3.2 - Source Code Disclosure
source: https://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory. Information gathered through this attack could b...
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a nonexistent hostname in the HTTP 'Host' header request when WebSphere Application is sharing the document root of the web server. An attacker may use this flaw to get the source...
AN HTTPD 1.42 - Arbitrary Log Content Injection
AN HTTPD 1.42 - Arbitrary Log Content Injection source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs ma...
AN HTTPD 1.42 - Arbitrary Log Content Injection
source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs may result in concealing attacks and/or misleading...
RaidenHTTPD < 1.1.34 Multiple Remote Vulnerabilities
The remote host is running RaidenHTTPD 1.1.33 or older. Ther are various flaws in the remote version of this server which may allow an attacker to disclose the source code of any PHP file hosted on the remote server, or to execute arbitrary code on the remote with the privileges of the remote...
[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure
TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...
SUSE-SA:2005:002: php4, mod_php4
The remote host is missing the patch for the advisory SUSE-SA:2005:002 php4, modphp4. PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser and Marcus Boerger found several buffer overflow problems in the unserializer functions of PHP CVE-2004-1019...
Debian DSA-170-1 : tomcat4 - source code disclosure
A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security...
CVE-2002-1148
CVE-2002-1148 refers to a vulnerability in Apache Tomcat where the default servlet (org.apache.catalina.servlets.DefaultServlet) on Tomcat 4.0.4, 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. Connected sources (GHSA and OSS/ID...
Merak Webmail / IceWarp Web Mail < 5.2.8 Multiple Vulnerabilities
The target is running at least one instance of Merak Webmail / IceWarp Web Mail 5.2.7 or less or Merak Mail Server 7.5.2 or less. Such versions are potentially affected by multiple cross-site scripting, HTML and SQL injection, and PHP source code disclosure vulnerabilities. %NASLMINLEVEL 70300 Th...