Lucene search
+L

1381 matches found

exploitpack
exploitpack
added 2002/02/06 12:0 a.m.21 views

Thunderstone TEXIS 3.0 - Full Path Disclosure

Thunderstone TEXIS 3.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/4035/info A vulnerability in TEXIS allows an attacker to view the full path to the web root. If the attacker submits an HTTP request for an invalid path, the server will return an error page containing the pat...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/02/06 12:0 a.m.41 views

Thunderstone TEXIS 3.0 - Full Path Disclosure

source: https://www.securityfocus.com/bid/4035/info A vulnerability in TEXIS allows an attacker to view the full path to the web root. If the attacker submits an HTTP request for an invalid path, the server will return an error page containing the path to the web root. System information may also...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/11/29 12:0 a.m.37 views

JRun SSI Request Body Parsing

Vulnerable Products: JRun Java application server from Allaire. All current versions with latest security patches as of November 2001 are believed to be affected, including 2.3.3, 3.0, and 3.1. Impact: Revealing of source code to Java Server Pages, and other protected files inside the web root...

7.8AI score
Exploits0
NVD
NVD
added 2001/10/18 4:0 a.m.17 views

CVE-2001-0760

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field...

5CVSS6.6AI score0.03605EPSS
Exploits1References4
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.28 views

CVE-1999-1374

perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request...

6.3AI score0.01936EPSS
Exploits1References1
NVD
NVD
added 2001/06/27 4:0 a.m.16 views

CVE-2001-0495

Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. dot dot attack...

5CVSS6.6AI score0.08535EPSS
Exploits1References4
exploitpack
exploitpack
added 2001/06/21 12:0 a.m.12 views

1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure

1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2902/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of...

Exploits0
NVD
NVD
added 2001/06/18 4:0 a.m.10 views

CVE-2001-0263

Gene6 G6 FTP Server 2.0 aka BPFTP Server 2.10 allows attackers to read file attributes outside of the web root via the 1 SIZE and 2 MDTM commands when the "show relative paths" option is not enabled...

7.5CVSS6.7AI score0.02424EPSS
Exploits0References3
CVE
CVE
added 2001/05/24 4:0 a.m.50 views

CVE-2001-0263

Gene6 G6 FTP Server 2.0 (BPFTP Server 2.10) is affected by an information-disclosure flaw where attackers can read file attributes outside the FTP root via SIZE and MDTM when the show relative paths option is disabled. Root cause: inadequate restriction of access to attributes outside the FTP roo...

7.5CVSS6.7AI score0.02424EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2001/05/03 12:0 a.m.34 views

Vulnerabilities in BRS WebWeaver

----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in BRS WebWeaver Overview BRS WebWeaver v0.63 is a combined ftp and web server available from http://bsoutham.home.dhs.org. Vulnerabilities exist in the web server which allow remote users to break out of the web roo...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2001/02/16 12:0 a.m.26 views

Vulnerabilities in Pi3Web Server

----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in Pi3Web Server Overview Pi3Web v1.0.1 is a web server available from http://www.zdnet.com. A vulnerability exists in the server's internal ISAPI handling procedures which results in a buffer overflow. The server al...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/02/08 12:0 a.m.32 views

HSWeb HTTP Server /cgi Directory Request Path Disclosure (deprecated)

It is possible to request the physical location of the remote web root by requesting the folder '/cgi'. An attacker can exploit this flaw to gain more knowledge about this host. This plugin has been deprecated. Webmirror3 plugin ID 10662 will identify a browsable directory. %NASLMINLEVEL 999999 C...

6.6AI score0.0602EPSS
Exploits1References2
securityvulns
securityvulns
added 2001/02/06 12:0 a.m.39 views

Vulnerability in Free Java Web Server

Vulnerability in Free Java Web Server Overview Free Java Web Server v1.0 is a Java web server available from http://www.download.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths ie: '..', '...'. Details http://localhost/../file outside web...

0.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2000/10/20 12:0 a.m.7 views

PT-2000-1640 · Pccs · Pccs Mysqldatabase Admin Tool Manager

Name of the Vulnerable Software and Affected Versions: PCCS MySQLDatabase Admin Tool Manager versions 1.2.4 and earlier Description: The issue allows remote attackers to obtain sensitive information, such as the administrative password, because the file dbconnect.inc is installed within the web...

7.5CVSS6.4AI score0.01612EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2000/07/18 12:0 a.m.28 views

Armada Design Master Index 1.0 - Directory Traversal

source: https://www.securityfocus.com/bid/1772/info Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' .../ of the web root directory and view/download any file which...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/04/19 12:0 a.m.24 views

FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure

source: https://www.securityfocus.com/bid/1141/info htimage.exe can be used to determine if a specified path and filename exists on the target host or not. The specified path must be on the same logical drive as the web content. Any file can be specified as an image map in the URL. htimage.exe wi...

7AI score
Exploits0
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.18 views

CVE-1999-0882

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...

6.7AI score0.01897EPSS
Exploits0References1
NVD
NVD
added 1999/10/28 4:0 a.m.11 views

CVE-1999-0882

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...

5CVSS6.7AI score0.01897EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 1999/09/16 12:0 a.m.7 views

PT-1999-1490 · Wwwboard · Wwwboard

Name of the Vulnerable Software and Affected Versions: WWWBoard affected versions not specified Description: The issue concerns the storage of encrypted passwords in a password file located under the web root, making it accessible to remote attackers. Recommendations: At the moment, there is no...

10CVSS6.4AI score0.08604EPSS
Exploits0References4
exploitpack
exploitpack
added 1998/08/16 12:0 a.m.14 views

Netscape Enterprise Server 3.x4.x - PageServices Information Disclosure

Netscape Enterprise Server 3.x4.x - PageServices Information Disclosure source: https://www.securityfocus.com/bid/7621/info A vulnerability has been reported for Netscape Enterprise Server. The problem is said to occur while processing HTTP queries containing the '?PageServices' URI parameter...

0.2AI score
Exploits0
Rows per page
Query Builder