Searching source software vulnerabilities

IIS 2.0 and 3.0 allows remote attackers to read

attackers | appending | source | allows | remote | pages | code | read | IIS | ASP |

IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.


Denial of service in RPC portmapper allows atta

portmapper | unregister | attackers | register | services | address | service | spoofed | source | allows | Denial | spoof | using | such | RPC |

Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.


IIS 3.0 with the iis-fix hotfix installed allow

installed | intruders | programs | instead | iis-fix | source | allows | hotfix | remote | using | read | code | IIS | %2e | ASP |

IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.


The Java Web Server would allow remote users to

programs | remote | obtain | source | Server | allow | users | would | code | Java | CGI | Web |

The Java Web Server would allow remote users to obtain the source code for CGI programs.


In some NT web servers, appending a space at th

appending | attackers | servers | active | source | pages | allow | space | read | some | code | end | web | may | URL |

In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.


Versions of rpcbind including Linux, IRIX, and

including | Venema's | attacker | spoofing | Versions | rpcbind | address | entries | insert | delete | source | Wietse | remote | Linux | allow | IRIX |

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.


The installation of Sun Source (sunsrc) tapes a

installation | Source | Sun |

The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.


Cisco routers 9.17 and earlier allow remote att

routers | Cisco |

Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.


shell-lock in Cactus Software Shell Lock uses w

encryption | shell-lock | Software | Cactus | Shell | weak | Lock | uses |

shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.


Allaire JRun 2.3 server allows remote attackers

executable | attackers | SSIFilter | directly | content | Allaire | servlet | calling | remote | allows | server | source | obtain | JRun | code |

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.


Unify ServletExec AS v3.0C allows remote attack

ServletExec | characters | attackers | request | source | remote | allows | "%20" | pages | Unify | such | ends | HTTP | read | v30C | code | "+" | JSP | via |

Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".


JRun 3.0 and 3.1 running on JRun Web Server (JW

running | Server | JRun | Web |

JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".


GoAhead Web Server 2.1.7 and earlier allows rem

GoAhead | Server | Web |

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.


Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when r

permissions | Hummingbird | attackers | CyberDOCS | insecure | running | allows | remote | source | script | which | files | read | uses | code | IIS |

Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.


TinyWeb 1.9 allows remote attackers to read sou

attackers | scripts | TinyWeb | source | allows | remote | "//" | read | code | URL | via |

TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.


Unspecified vulnerability in the Apple Mac OS X

vulnerability | Unspecified | kernel | before | Apple | Mac |

Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.


CHXO Feedsplitter 2006-01-21 allows remote atta

feedsplitterphp | Feedsplitter | showsource | 2006-01-21 | attackers | function | source | allows | remote | read | CHXO | code | via |

CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.


Teredo clients, when source routing is enabled,

source-routed | encapsulated | recognize | attackers | gateways | policies | Internet | certain | packets | routing | clients | enabled | Teredo | bypass | remote | packet | header | source | which | might | allow | send | IPv6 | drop | next | hop | all |

Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets.


download.php in McGallery 0.5b allows remote at

downloadphp | attackers | arbitrary | parameter | McGallery | filename | obtain | script | source | allows | remote | files | code | read | 05b | via |

download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter.


Webbler CMS before 3.1.6 provides the full inst

Webbler | before | CMS |

Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php.


Software vulnerabilities results 1 to 20 of 266     
Page: 12345...14