1374 matches found
CVE-2001-0263
Gene6 G6 FTP Server 2.0 aka BPFTP Server 2.10 allows attackers to read file attributes outside of the web root via the 1 SIZE and 2 MDTM commands when the "show relative paths" option is not enabled...
CVE-2001-0263
Gene6 G6 FTP Server 2.0 (BPFTP Server 2.10) is affected by an information-disclosure flaw where attackers can read file attributes outside the FTP root via SIZE and MDTM when the show relative paths option is disabled. Root cause: inadequate restriction of access to attributes outside the FTP roo...
Vulnerabilities in BRS WebWeaver
----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in BRS WebWeaver Overview BRS WebWeaver v0.63 is a combined ftp and web server available from http://bsoutham.home.dhs.org. Vulnerabilities exist in the web server which allow remote users to break out of the web roo...
Vulnerabilities in Pi3Web Server
----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in Pi3Web Server Overview Pi3Web v1.0.1 is a web server available from http://www.zdnet.com. A vulnerability exists in the server's internal ISAPI handling procedures which results in a buffer overflow. The server al...
HSWeb HTTP Server /cgi Directory Request Path Disclosure (deprecated)
It is possible to request the physical location of the remote web root by requesting the folder '/cgi'. An attacker can exploit this flaw to gain more knowledge about this host. This plugin has been deprecated. Webmirror3 plugin ID 10662 will identify a browsable directory. %NASLMINLEVEL 999999 C...
Vulnerability in Free Java Web Server
Vulnerability in Free Java Web Server Overview Free Java Web Server v1.0 is a Java web server available from http://www.download.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths ie: '..', '...'. Details http://localhost/../file outside web...
PT-2000-1640 · Pccs · Pccs Mysqldatabase Admin Tool Manager
Name of the Vulnerable Software and Affected Versions: PCCS MySQLDatabase Admin Tool Manager versions 1.2.4 and earlier Description: The issue allows remote attackers to obtain sensitive information, such as the administrative password, because the file dbconnect.inc is installed within the web...
Armada Design Master Index 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1772/info Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' .../ of the web root directory and view/download any file which...
FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure
source: https://www.securityfocus.com/bid/1141/info htimage.exe can be used to determine if a specified path and filename exists on the target host or not. The specified path must be on the same logical drive as the web content. Any file can be specified as an image map in the URL. htimage.exe wi...
CVE-1999-0882
Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...
CVE-1999-0882
Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...
PT-1999-1490 · Wwwboard · Wwwboard
Name of the Vulnerable Software and Affected Versions: WWWBoard affected versions not specified Description: The issue concerns the storage of encrypted passwords in a password file located under the web root, making it accessible to remote attackers. Recommendations: At the moment, there is no...
Netscape Enterprise Server 3.x/4.x - PageServices Information Disclosure
source: https://www.securityfocus.com/bid/7621/info A vulnerability has been reported for Netscape Enterprise Server. The problem is said to occur while processing HTTP queries containing the '?PageServices' URI parameter. After processing this query the affected server may disclose the contents ...
Netscape Enterprise Server 3.x4.x - PageServices Information Disclosure
Netscape Enterprise Server 3.x4.x - PageServices Information Disclosure source: https://www.securityfocus.com/bid/7621/info A vulnerability has been reported for Netscape Enterprise Server. The problem is said to occur while processing HTTP queries containing the '?PageServices' URI parameter...