761 matches found
CVE-2013-5576
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot)...
domain_dot
This plugin finds misconfigurations in the virtual host settings by sending a specially crafted request with a trailing dot in the domain name. For example, if the input for this plugin is http://host.tld/, the plugin will perform a request to http://host.tld./. In some misconfigurations, the...
Input validation
boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...
(ospf6d): Denial of service by decoding malformed Database Description packet headers
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database...
IOServer "Root Directory" Trailing Backslash Multiple Vulnerabilities
Exploit for Windows platform in category web applications. Foofus.net Security Advisory: foofus-20120817. Title: IOServer "Root Directory" Trailing...
IOServer 1.0.18.0 Directory Traversal / File Download
Foofus.net Security Advisory: foofus-20120817. Title: IOServer "Root Directory" Trailing Backslash Web Server Vuln. Allows: Arbitrary File Access,...
CVE-2012-1464
Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party informatio...
CVE-2011-3324
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database...
Design/Logic Flaw
The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot)...
Mozilla Cookie isolation error (MFSA 2011-24)
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...
Mongoose URI Trailing Slash Request Source Code Disclosure
The version of the Mongoose web server running on the remote host discloses the source code of files such as PHP scripts when a trailing slash '/' is appended to a URL. An unauthenticated, remote attacker can leverage this issue to disclose the source of scripts, which may contain passwords and...
Code injection
InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI, as demonstrated by /index.html%20 and /index.php%20 URIs...
PT-2009-6627 · Intervations · Intervations Navicopa Web Server
Name of the Vulnerable Software and Affected Versions: InterVations NaviCOPA Web Server versions 3.0.1.2 and earlier Description: The issue allows remote attackers to obtain the source code for a web page via a trailing encoded space character in a URI. This can be demonstrated by accessing URIs...
lighttpd 1.4.23 Trailing Slash Information Disclosure Vulnerability
No description provided by source...
Webboard <= v.2.90 beta Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications. Webboard <= v.2.90 beta Remote File Disclosure Vulnerability. Webboard <= v.2.90 beta Remote File Disclosure Vulnerabili...
212Cafe WebBoard 2.90 Beta - Remote File Disclosure
Webboard <= v.2.90 beta Remote File Disclosure Vulnerability. Author: MrDoug. Email: mrdoug13 at gmail dot com. Greetz to all my friends. There are 3 vulnerable calls to fopen in...
Lighttpd <= 1.4.23 'Trailing Slash' Information Disclosure Vulnerability
Lighttpd is prone to an information disclosure vulnerability. Copyright (C) 2009 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
Lighttpd 1.4.23 Source Code Disclosure Vulnerability (FreeBSD/OSX bug)
Exploit for multiple platform in category remote exploits. Lighttpd 1.4.23 Source Code Disclosure Vulnerability (FreeBSD/OSX bug). Severe vulnerability in...