url encoded software vulnerabilities
vulnerabilities.aspcode.net
Searching url encoded software vulnerabilities
Oracle Web Listener 2.1 allows remote attackers
restrictions
|
HTTP-encoded
|
attackers
|
replacing
|
character
|
Listener
|
access
|
allows
|
Oracle
|
bypass
|
remote
|
its
|
Web
|
URL
|
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
T. Hauck Jana Webserver 1.46 and earlier allows
Webserver
|
Hauck
|
Jana
|
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
Microsoft IIS 4.0 and before, when installed on
partition
|
installed
|
Microsoft
|
attacker
|
encoded
|
Unicode
|
obtain
|
source
|
allows
|
before
|
remote
|
files
|
code
|
URL
|
FAT
|
IIS
|
ASP
|
via
|
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
OmniHTTPd 2.0.8 and earlier allow remote attack
OmniHTTPd
|
OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20).
vWebServer 1.2.0 allows remote attackers to vie
vWebServer
|
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
Encoded directory traversal vulnerability in Di
vulnerability
|
attackers
|
arbitrary
|
directory
|
traversal
|
Encoded
|
remote
|
allows
|
Dino's
|
server
|
files
|
read
|
via
|
web
|
Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters.
admbrowse.php in FUDforum before 2.2.0 allows r
admbrowsephp
|
FUDforum
|
before
|
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
GoAhead Web Server 2.1.7 and earlier allows rem
GoAhead
|
Server
|
Web
|
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
Macromedia JRun 3.0, 3.1, and 4.0 allow remote
Macromedia
|
attackers
|
character
|
encoded
|
Unicode
|
source
|
remote
|
values
|
files
|
allow
|
view
|
JRun
|
code
|
URL
|
via
|
JSP
|
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
iisPROTECT 2.1 and 2.2 allows remote attackers
authentication
|
URL-encoded
|
iisPROTECT
|
characters
|
containing
|
attackers
|
request
|
remote
|
bypass
|
allows
|
HTTP
|
via
|
iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters.
The PL/SQL module for the Oracle HTTP Server in
WE8ISO8859P1
|
restrictions
|
Application
|
conversions
|
improperly
|
procedures
|
characters
|
sequences
|
character
|
attackers
|
converted
|
properly
|
perform
|
certain
|
encoded
|
bypass
|
module
|
PL/SQL
|
access
|
Oracle
|
Server
|
remote
|
allows
|
"%FF"
|
using
|
which
|
does
|
HTTP
|
10g
|
"Y"
|
via
|
URL
|
set
|
not
|
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
Directory traversal vulnerability in ParaChat S
vulnerability
|
attackers
|
arbitrary
|
traversal
|
Directory
|
ParaChat
|
remote
|
Server
|
allows
|
files
|
read
|
%5C
|
via
|
Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
blocker.php in Protector System 1.15b1 allows r
URL-encoded
|
protection
|
characters
|
blockerphp
|
attackers
|
Protector
|
injection
|
commands
|
limited
|
execute
|
allows
|
System
|
bypass
|
remote
|
115b1
|
"'"
|
SQL
|
via
|
blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27").
Netgear RP114 allows remote attackers to bypass
demonstrated
|
requesting
|
attackers
|
filtering
|
keyword
|
Netgear
|
allows
|
remote
|
bypass
|
number
|
large
|
using
|
based
|
RP114
|
long
|
%20
|
URL
|
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
GeoHttpServer, when configured to authenticate
authentication
|
GeoHttpServer
|
unauthorized
|
authenticate
|
configured
|
attackers
|
contains
|
%0a%0a
|
access
|
allows
|
remote
|
bypass
|
users
|
files
|
via
|
URL
|
GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).
ClamAV 0.80 and earlier allows remote attackers
ClamAV
|
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.
Mercur Messaging 2005 SP2 allows remote attacke
Messaging
|
Mercur
|
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20").
Directory traversal vulnerability in jetty 6.0.
vulnerability
|
Directory
|
traversal
|
jetty
|
60x
|
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL.
Directory traversal vulnerability in IPCheck Se
vulnerability
|
533639/640
|
arbitrary
|
Directory
|
traversal
|
attackers
|
modified
|
IPCheck
|
Monitor
|
remote
|
before
|
Server
|
allows
|
files
|
read
|
via
|
Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), "..../" (multiple dot), and "..%255c../" (double-encoded "\" backslash).
Directory traversal vulnerability in httpd in R
vulnerability
|
URL-encoded
|
attackers
|
arbitrary
|
"%2e%2e/"
|
traversal
|
Directory
|
sequences
|
Landley
|
BusyBox
|
allows
|
remote
|
httpd
|
files
|
read
|
URI
|
via
|
Rob
|
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
Software vulnerabilities results 1 to 20 of 2533
Page:
1
2
3
4
5
...
127
►