5392 matches found
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode...
CVE-2001-0709
Vulnerability summary (CVE-2001-0709): Microsoft IIS 4.0 and earlier, when installed on a FAT partition, is susceptible to remote disclosure of ASP source code. An attacker can obtain the source by requesting a URL encoded with Unicode. The description in the provided documents confirms the expos...
CVE-2001-1455
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters...
CVE-2001-0521
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document...
CVE-2001-0601
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters...
Trend Micro AppletTrap bypass (protection bypass)
The JavaScript protection can be bypassed by using Unicode encoding...
CVE-2001-0601
CVE-2001-0601 affects Lotus Domino R5 before 5.0.7. The vulnerability allows a remote attacker to cause a denial of service by sending HTTP requests that contain certain combinations of UNICODE characters. The DoS is related to availability impact and is described as partial. Root cause is proces...
CVE-2001-0521
CVE-2001-0521 affects Aladdin eSafe Gateway versions 3.0 and earlier. The issue allows a remote attacker to bypass the gateway’s HTML SCRIPT filtering by using Unicode-encoded SCRIPT tags within the HTML document. This describes a filtering bypass in the web gateway; the documents do not provide ...
Lotus Domino vulnerable to DoS via crafted unicode GET request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation. Description Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the...
Aladdin eSafe Gateway Script-filtering Bypass through Unicode Vulnerability
29 May 2001 This is the third of 3 sequential advisories we are issuing regarding Aladdin eSafe Gateway. Status -------- The entire content of this advisory was reviewed and acknowledged by Aladdin. Product Background -------------------------- eSafe Gateway is an Internet Content Security produc...
Vulnerability discovered in SpearHead NetGap
Background --------------- SpearHead's NetGAP™ appliance physically disconnects a company's network from the Internet. The product consists of two separate computers, an Untrusted CPU and a Trusted CPU, that are never directly connected at any given time. NetGap™ includes a content checking engin...
Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass
Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass source: https://www.securityfocus.com/bid/2801/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway...
Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass
source: https://www.securityfocus.com/bid/2801/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply encoding the tag in Unicode format, such that the filter...
Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure
Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure source: https://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file .php, .pl, or .shtml, could cause OmniHTTPD to disclose the source code of the requested resource. The GET request would have to be...
Re: def-2001-14: Bea Weblogic Unicode Directory Browsing
It is interesting to note that similar, in fact worse, behaviour is exhibited in both Weblogic 4.5.1 and 5.1. Appending a '00' to the end of a .jsp request retrieves the source of the jsp. So far I have been able to demonstrate this on several, but not all of my weblogic farm. Results look somethi...
def-2001-14: Bea Weblogic Unicode Directory Browsing
====================================================================== Defcom Labs Advisory def-2001-14 Bea Weblogic Unicode Directory Browsing Author: Peter Gründl [email protected] Release Date: 2001-03-26 ======================================================================...
Michael Lamont Savant HTTP Server 2.1 - Directory Traversal
Michael Lamont Savant HTTP Server 2.1 - Directory Traversal source: https://www.securityfocus.com/bid/2697/info It is possible for an attacker to traverse the web folders of a Savant HTTP Server. Submitting a URL referring to a known directory or file, and appended with specific unicode character...
Michael Lamont Savant HTTP Server 2.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2697/info It is possible for an attacker to traverse the web folders of a Savant HTTP Server. Submitting a URL referring to a known directory or file, and appended with specific unicode characters, will disclose the contents of the requested resource. The...