1381 matches found
Thunderstone TEXIS 3.0 - Full Path Disclosure
Thunderstone TEXIS 3.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/4035/info A vulnerability in TEXIS allows an attacker to view the full path to the web root. If the attacker submits an HTTP request for an invalid path, the server will return an error page containing the pat...
Thunderstone TEXIS 3.0 - Full Path Disclosure
source: https://www.securityfocus.com/bid/4035/info A vulnerability in TEXIS allows an attacker to view the full path to the web root. If the attacker submits an HTTP request for an invalid path, the server will return an error page containing the path to the web root. System information may also...
JRun SSI Request Body Parsing
Vulnerable Products: JRun Java application server from Allaire. All current versions with latest security patches as of November 2001 are believed to be affected, including 2.3.3, 3.0, and 3.1. Impact: Revealing of source code to Java Server Pages, and other protected files inside the web root...
CVE-2001-0760
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field...
CVE-1999-1374
perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request...
CVE-2001-0495
Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. dot dot attack...
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2902/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of...
CVE-2001-0263
Gene6 G6 FTP Server 2.0 aka BPFTP Server 2.10 allows attackers to read file attributes outside of the web root via the 1 SIZE and 2 MDTM commands when the "show relative paths" option is not enabled...
CVE-2001-0263
Gene6 G6 FTP Server 2.0 (BPFTP Server 2.10) is affected by an information-disclosure flaw where attackers can read file attributes outside the FTP root via SIZE and MDTM when the show relative paths option is disabled. Root cause: inadequate restriction of access to attributes outside the FTP roo...
Vulnerabilities in BRS WebWeaver
----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in BRS WebWeaver Overview BRS WebWeaver v0.63 is a combined ftp and web server available from http://bsoutham.home.dhs.org. Vulnerabilities exist in the web server which allow remote users to break out of the web roo...
Vulnerabilities in Pi3Web Server
----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in Pi3Web Server Overview Pi3Web v1.0.1 is a web server available from http://www.zdnet.com. A vulnerability exists in the server's internal ISAPI handling procedures which results in a buffer overflow. The server al...
HSWeb HTTP Server /cgi Directory Request Path Disclosure (deprecated)
It is possible to request the physical location of the remote web root by requesting the folder '/cgi'. An attacker can exploit this flaw to gain more knowledge about this host. This plugin has been deprecated. Webmirror3 plugin ID 10662 will identify a browsable directory. %NASLMINLEVEL 999999 C...
Vulnerability in Free Java Web Server
Vulnerability in Free Java Web Server Overview Free Java Web Server v1.0 is a Java web server available from http://www.download.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths ie: '..', '...'. Details http://localhost/../file outside web...
PT-2000-1640 · Pccs · Pccs Mysqldatabase Admin Tool Manager
Name of the Vulnerable Software and Affected Versions: PCCS MySQLDatabase Admin Tool Manager versions 1.2.4 and earlier Description: The issue allows remote attackers to obtain sensitive information, such as the administrative password, because the file dbconnect.inc is installed within the web...
Armada Design Master Index 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1772/info Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' .../ of the web root directory and view/download any file which...
FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure
source: https://www.securityfocus.com/bid/1141/info htimage.exe can be used to determine if a specified path and filename exists on the target host or not. The specified path must be on the same logical drive as the web content. Any file can be specified as an image map in the URL. htimage.exe wi...
CVE-1999-0882
Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...
CVE-1999-0882
Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...
PT-1999-1490 · Wwwboard · Wwwboard
Name of the Vulnerable Software and Affected Versions: WWWBoard affected versions not specified Description: The issue concerns the storage of encrypted passwords in a password file located under the web root, making it accessible to remote attackers. Recommendations: At the moment, there is no...
Netscape Enterprise Server 3.x4.x - PageServices Information Disclosure
Netscape Enterprise Server 3.x4.x - PageServices Information Disclosure source: https://www.securityfocus.com/bid/7621/info A vulnerability has been reported for Netscape Enterprise Server. The problem is said to occur while processing HTTP queries containing the '?PageServices' URI parameter...