Searching requesting software vulnerabilities

IIS 4.0 allows a remote attacker to obtain the

non-existent | requesting | extensions | pathname | document | attacker | remote | allows | obtain | files | root | real | IIS | idq | ida |

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.


The default configuration of Serv-U 2.5d and ea

configuration | requesting | attackers | determine | directory | pathname | default | earlier | server | allows | remote | Serv-U | exist | file | does | real | 25d | not | URL |

The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.


The Linux 2.2.x kernel does not restrict the nu

requesting | paremeter | restrict | wmem_max | sockets | service | defined | kernel | allows | denial | number | domain | large | users | Linux | cause | which | local | does | Unix | not | 22x |

The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max paremeter, which allows local users to cause a denial of service by requesting a large number of sockets.


The shtml.exe component of Microsoft FrontPage

Microsoft | FrontPage | component | shtmlexe |

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.


The shtml.exe component of Microsoft FrontPage

Microsoft | FrontPage | component | shtmlexe |

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.


The administration module in Sun Java web serve

comsunserverhttppagecompilejsp92JspServlet | administration | requesting | arbitrary | attackers | /servlet/ | uploading | commands | execute | invoke | module | begins | remote | allows | server | Java | code | web | tag | URL | Sun |

The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.


ICQ Web Front HTTPd allows remote attackers to

requesting | attackers | character | contains | service | denial | remote | allows | HTTPd | Front | cause | ICQ | Web | URL |

ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.


BroadVision One-To-One Enterprise allows remote

BroadVision | requesting | Enterprise | One-To-One | determine | attackers | physical | server | allows | remote | exist | files | name | does | path | file | not | JSP |

BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist.


Lotus Domino Web Server 5.x allows remote attac

$defaultNav | information | navigator | attackers | sensitive | accessing | default | Server | Domino | remote | allows | Lotus | gain | via | Web |

Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.


Forms.exe CGI program in ValiCert Enterprise Va

Enterprise | Validation | Authority | ValiCert | Formsexe | program | CGI |

Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.


Xcache 2.1 allows remote attackers to determine

Content-PageName | requesting | determine | documents | attackers | pathname | absolute | returns | Xcache | cached | allows | header | server | remote | which | full | path | web | URL | not |

Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.


EFTP 2.0.7.337 allows remote attackers to obtai

EFTP |

EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.


Agora.cgi 3.2r through 4.0 while in debug mode

non-existent | requesting | attackers | determine | pathname | Agoracgi | through | message | allows | remote | which | debug | leaks | while | error | html | mode | full | file | 32r |

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message.


Oracle 9i Application Server stores XSQL and SO

configuration | information | Application | insecurely | requesting | sensitive | including | usernames | passwords | Server | obtain | stores | Oracle | allows | which | files | users | local | XSQL | SOAP |

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.


MidiCart stores the midicart.mdb database file

midicartmdb | information | requesting | sensitive | attackers | document | directly | database | MidiCart | remote | stores | allows | under | steal | which | file | root | Web |

MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.


PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x all

insufficiently | PeopleTools | PeopleSoft | uploading | arbitrary | attackers | guessing | commands | Servlet | IClient | execute | allows | random | remote | file | 81x | 84x | 82x |

PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.


The web interface for Crystal Reports allows re

interface | attackers | Reports | service | Crystal | denial | allows | remote | cause | web |

The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.


Netgear RP114 allows remote attackers to bypass

demonstrated | requesting | attackers | filtering | keyword | Netgear | allows | remote | bypass | number | large | using | based | RP114 | long | %20 | URL |

Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.


functions.php in Ragnarok Online Control Panel

functionsphp | Ragnarok | Control | Online | Panel |

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.


The bridge ioctl (if_bridge code) in NetBSD 1.6

bridge | ioctl |

The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.


Software vulnerabilities results 1 to 20 of 42     
Page: 123