Searching pages software vulnerabilities

IIS 2.0 and 3.0 allows remote attackers to read

attackers | appending | source | allows | remote | pages | code | read | IIS | ASP |

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.


In some NT web servers, appending a space at th

appending | attackers | servers | active | source | pages | allow | space | read | some | code | end | web | may | URL |

In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.


Unify ServletExec AS v3.0C allows remote attack

ServletExec | characters | attackers | request | source | remote | allows | "%20" | pages | Unify | such | ends | HTTP | read | v30C | code | "+" | JSP | via |

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".


Backdoor in auth.php3 in Phorum 3.0.7 allows re

authphp3 | Backdoor | Phorum |

Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".


BEA Systems WebLogic Express and WebLogic Serve

restricted | attackers | controls | multiple | WebLogic | SP1-SP6 | Systems | Express | servlet | access | allows | Server | bypass | remote | pages | URL | BEA | JSP | via |

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.


Buffer overflow in Netscape SmartDownload 1.3 a

SmartDownload | attackers | Netscape | overflow | remote | Buffer | allows |

Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.


Tektronix PhaserLink 850 does not require authe

PhaserLink | Tektronix |

Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages.


Unknown vulnerability in binfmt_misc in the Lin

vulnerability | binfmt_misc | Unknown | kernel | before | Linux |

Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.


Oracle 9iAS 1.0.2.x compiles JSP files in the _

world-readable | permissions | information | directory | attackers | sensitive | usernames | passwords | including | compiles | request | derived | remote | direct | obtain | Oracle | _pages | allows | files | under | which | 102x | HTTP | 9iAS | code | root | JSP | web | via |

Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.


Cross-site scripting (XSS) vulnerability in Ver

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to inject arbitrary web script or HTML via the error pages.


Format string vulnerability in the administrati

administrative | vulnerability | Application | module | Oracle | PL/SQL | Format | string | Server | pages |

Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.


Unknown vulnerability in Novell iChain 2.2 befo

authentication | vulnerability | restricted | Support | Unknown | without | access | secure | before | iChain | Novell | allows | users | pages | Pack |

Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.


web-tools in SAP DB before 7.4.03.30 allows rem

web-tools | before | SAP |

web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.


Multiple "missing security checks" in Firefox b

security | "missing | Multiple | Firefox | checks" | before |

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.


Exponent CMS 0.96.3 and later versions stores s

Exponent | CMS |

Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.


CRLF injection vulnerability in inc/function.ph

inc/functionphp | MyBulletinBoard | vulnerability | injection | CRLF |

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.


PHP remote file inclusion vulnerability in Reda

vulnerability | inclusion | Redaxo | remote | file | PHP |

PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.


Multiple PHP remote file inclusion vulnerabilit

REX[INCLUDE_PATH] | vulnerabilities | attackers | arbitrary | inclusion | parameter | Multiple | execute | Redaxo | remote | allow | file | code | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.


Microsoft Internet Explorer 5.01 and 6 allows c

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."


LiteWEB 2.7 allows remote attackers to cause a

attackers | LiteWEB | service | denial | allows | remote | cause |

LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages.


Software vulnerabilities results 1 to 20 of 156     
Page: 12345...8