Searching meta inf software vulnerabilities

Caucho Resin 1.3b1 and earlier allows remote at

attackers | specifier | inserting | Javabean | request | earlier | WEB-INF | Caucho | source | remote | before | allows | Resin | files | HTTP | read | 13b1 | code | jsp |

Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.


Directory traversal vulnerability in JavaServer

vulnerability | JavaServer | Directory | traversal | Kit | Dev | Web |

Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.


Macromedia JRun 3.0 through 4.0, when running o

configuration | information | Macromedia | directory | attackers | retrieve | trailing | contains | WEB-INF | request | running | Windows | through | allows | remote | class | files | which | Java | JRun | dot | via |

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").


HP Application Server 8.0, when running on Wind

configuration | Application | information | attackers | directory | contains | trailing | retrieve | request | running | Windows | WEB-INF | remote | Server | allows | files | which | class | Java | dot | via |

HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").


jo! jo Webserver 1.0, when running on Windows,

configuration | information | attackers | directory | Webserver | contains | trailing | retrieve | request | running | WEB-INF | Windows | remote | allows | files | which | class | Java | dot | via |

jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").


Oracle Oracle9i Application Server 1.0.2.2 and

Application | Oracle9i | Server | Oracle |

Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").


Orion Application Server 1.5.3, when running on

Application | Server | Orion |

Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").


Pramati Server 3.0, when running on Windows, al

configuration | information | attackers | directory | retrieve | contains | trailing | running | Pramati | WEB-INF | Windows | request | Server | allows | remote | files | which | class | Java | dot | via |

Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").


Sybase Enterprise Application Server 4.0, when

configuration | information | Application | Enterprise | attackers | directory | retrieve | trailing | contains | WEB-INF | request | running | Windows | allows | Sybase | remote | Server | files | which | class | Java | dot | via |

Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").


Caucho Technology Resin 2.1.12 allows remote at

Technology | Caucho | Resin |

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.


Internet Explorer 6 allows remote attackers to

attackers | Explorer | Internet | service | denial | allows | remote | cause |

Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.


webadmin-apache.conf in Novell Web Manager of N

webadmin-apacheconf | inconsistent | uppercase | lowercase | attackers | directory | NetWare | Manager | control | WEB-INF | allows | remote | Novell | bypass | folder | access | volume | Alias | which | uses | Web | tag |

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.


ColdFusion 6.1 Updater 1 places Java .class fil

/WEB-INF/cfclasses | information | ColdFusion | sensitive | attackers | directory | Updater | places | allows | remote | obtain | files | under | which | class | Java | root | web |

ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.


admin.php in QualityEBiz Quality PPC (QPPC) 1.0

QualityEBiz | adminphp | Quality | PPC |

admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.


Pioneers meta-server before 0.9.55, when the se

meta-server | Pioneers | before |

Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.


Buffer overflow in the meta_read_flac function

meta_read_flac | meta_decoderc | Aqualung | function | overflow | earlier | 09beta5 | Buffer | CVS |

Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file.


The safevoid_vsnprintf function in Metamod-P 1.

safevoid_vsnprintf | attackers | Metamod-P | function | service | Windows | earlier | 119p29 | denial | remote | allows | cause |

The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.


Directory traversal vulnerability in Caucho Res

vulnerability | Professional | Directory | traversal | Caucho | Resin |

Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.


Cross-site scripting (XSS) vulnerability in May

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.


Software vulnerabilities results 1 to 20 of 40     
Page: 123