Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files

source: https://www.securityfocus.com/bid/230/info The File System Object FSO may be called from an Active Server Page ASP to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this synta...

Microsoft IIS 3.04.0 - Using ASP and FSO To Read Server Files

Microsoft IIS 3.04.0 - Using ASP and FSO To Read Server Files source: https://www.securityfocus.com/bid/230/info The File System Object FSO may be called from an Active Server Page ASP to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing...

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

CVE-1999-0286

In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages...

PT-1999-1031 · Microsoft · Nt Web Servers

Name of the Vulnerable Software and Affected Versions: NT web servers affected versions not specified Description: The issue allows attackers to read source code for active pages by appending a space at the end of a URL in some NT web servers. Recommendations: At the moment, there is no informati...

CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL...

Allaire ColdFusion Server 4.0.1 - 'CFCRYPT.EXE' Decrypt Pages

/ source: https://www.securityfocus.com/bid/275/info A vulnerability in ColdFusion allows pages encrypted with the CFCRYPT.EXE utility to be decrypted. ColdFusion supports the ability to "encrypt" the CFML templates in an application or component, using the CFCRYPT.EXE utility, so they can be...

Allaire ColdFusion Server 4.0.1 - CFCRYPT.EXE Decrypt Pages

Allaire ColdFusion Server 4.0.1 - CFCRYPT.EXE Decrypt Pages / source: https://www.securityfocus.com/bid/275/info A vulnerability in ColdFusion allows pages encrypted with the CFCRYPT.EXE utility to be decrypted. ColdFusion supports the ability to "encrypt" the CFML templates in an application or...

Microsoft IIS 3.04.0 Microsoft Personal Web Server 2.03.04.0 - ASP Alternate Data Streams

Microsoft IIS 3.04.0 Microsoft Personal Web Server 2.03.04.0 - ASP Alternate Data Streams source: https://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA t...

Microsoft IIS 3.0/4.0 / Microsoft Personal Web Server 2.0/3.0/4.0 - ASP Alternate Data Streams

source: https://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA to an asp being requested, the ASP source will be returned, instead of executing the ASP. F...

Sun Java Web Server 1.1 Beta - Viewable .jhtml Source

source: https://www.securityfocus.com/bid/1891/info A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform. If a URL is submitted requesting a .jhtml file an HTML document with embedded Java sourc...

Microsoft IIS 2.0/3.0 - Appended Dot Script Source Disclosure

source: https://www.securityfocus.com/bid/2074/info Microsoft Internet Information Server IIS is a popular web server, providing support for a variety of scripting languages, including ASP active server pages. IIS 2.0 and 3.0 suffer from an issue allowing a remote user to retrieve the source code...

Microsoft IIS 2.03.0 - Appended Dot Script Source Disclosure

Microsoft IIS 2.03.0 - Appended Dot Script Source Disclosure source: https://www.securityfocus.com/bid/2074/info Microsoft Internet Information Server IIS is a popular web server, providing support for a variety of scripting languages, including ASP active server pages. IIS 2.0 and 3.0 suffer fro...

PT-1997-1112 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS version 3.0 Description: The issue allows remote intruders to read source code for ASP programs. This is achieved by using a %2e instead of a . dot in the URL. Recommendations: For IIS version 3.0, apply the necessary configuration change...