real software vulnerabilities
vulnerabilities.aspcode.net
Searching real software vulnerabilities
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin.
WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.
WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.
The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command.
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow.
Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable.
WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.
Software vulnerabilities results 1 to 20 of 82