漏洞类别:CGI漏洞等级: 漏洞信息 BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server. The WebLogic Server can be integrated with third-party Web servers. This is accomplished by a plug-in that allows the third-party Web server to proxy req…
漏洞类别:Web server漏洞等级: 漏洞信息 BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server. Some versions of BEA Systems Weblogic Server contain a vulnerability allowing unauthorized users to view the source of .jsp and .jhtml pages resid…
漏洞类别:Web server漏洞等级: 漏洞信息 BEA Systems WebLogic Server is an enterprise-level Web and wireless application server. BEA incorrectly handles .jsp and .jhtml files, allowing remote compilation and execution of jsp code. When the deployment environment is not prope…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft's IIS Versions 2.0 and 3.0 contain a vulnerability that allows unauthorized remote users to crash the service by requesting a particularly long address. 漏洞危害 By exploiting this vulnerability, unauthorized users can perform a…
漏洞类别:Web server漏洞等级: 漏洞信息 Some versions of Microsoft's IIS Version 4.0 allow users to retrieve a dynamic Web page (such as those generated by .asp or PERL scripts) regardless of the HTTP method name, even though only the GET method is defined in the protocol f…
漏洞类别:Web server漏洞等级: 漏洞信息 IBM HTTP Server is a Web server powered by Apache. The Windows NT version is subject to the following denial of service vulnerability: Issuing an unusually long GET request comprised of approximately 219 characters will cause the serv…
漏洞类别:Web server漏洞等级: 漏洞信息 602Pro LAN SUITE is an application that provides connection sharing, as well as e-mail and fax services for networks. Remote administration capabilities exist through an integrated HTTP Server. A buffer overflow can occur within the r…
漏洞类别:Web server漏洞等级: 漏洞信息 NetSnap is a Web cam application that transmits images, enabling the user to directly publish footage from the camera to the Web. NetSnap is shipped with an HTTP server. NetSnap is subject to a buffer overflow attack because of it's h…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS Version 3.0 contains a source disclosure vulnerability. It will return the source code of various server side script files, such as ASP files, if the filename in the URL request contains "%2e", which is the hex value for…
漏洞类别:Web server漏洞等级: 漏洞信息 By sending a specially-crafted request comprised of approximately 198 to 240 characters with a .shtml (default) file extension, unauthorized users can cause a buffer overflow and execute arbitrary code. This is due to the way iPlanet …
漏洞类别:Web server漏洞等级: 漏洞信息 There is a vulnerability in the code that handles error logging on PHP scripts. Unauthorized users can exploit this vulnerability by crafting a string containing malicious format specifiers. 漏洞危害 If successfully exploited, malicious u…
漏洞类别:Web server漏洞等级: 漏洞信息 Any user from any host can obtain a list of packages installed on a S.u.S.E Version 6.3 or 6.4 system by submitting the following URL to the Web server: http://www.example.org/doc/packages/ This vulnerability is due to a configuration…
漏洞类别:Web server漏洞等级: 漏洞信息 If the Apache configuration file (/etc/httpd/httpd.conf) contains the following Alias entry, then all files in /cgi-bin/ can be accessed via URLs of the format http://target/cgi-bin-sdb: Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/ B…
漏洞类别:Web server漏洞等级: 漏洞信息 LiveStats Statistics Server is a software package that allows Web masters to analyze their Web usage information in real-time. LiveStats Statistics Server Version 5.02x contains an important security issue that may allow a malicious u…
漏洞类别:Web server漏洞等级: 漏洞信息 Zope is a scripting language that allows Web masters to design their Web sites in an object oriented way using various means. Versions of Zope prior to Version 2.2.0 contain a bug that allows malicious users with a valid user account …
漏洞类别:CGI漏洞等级: 漏洞信息 "shtml.exe" is a component of the Frontpage package. Microsoft IIS Versions 4.0 and 5.0 contain a vulnerability that may disclose the local path of HTML, HTM, ASP and SHTML files. Requesting a non-existent file from shtml.dll will result in …
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS Version 5.0 has a dedicated scripting engine for advanced file types, such as ASP, ASA, and HTR files. The scripting engine handles requests for these file types, processes them accordingly, and then executes them on the…
漏洞类别:Web server漏洞等级: 漏洞信息 The remote Web server appears to be running with Frontpage Extensions. On a default installation of Frontpage Extensions, a virtual directory "/_vti_bin/" is created. Most scanner tools scan this directory because vulnerabilities have…
漏洞类别:Web server漏洞等级: 漏洞信息 The remote Web server appears to be running with Frontpage Extensions. On a default installation of Frontpage Extensions, a virtual directory /_vti_pvt/ is created. It may contain configuration files and encrypted password files. Unsp…
漏洞类别:Web server漏洞等级: 漏洞信息 If this is reported as a vulnerability, the "iissamples" directory is found present on your Microsoft IIS Web server. If this is reported as a potential vulnerability, the "iissamples" directory is probably present, based on the HTTP …
漏洞类别:Web server漏洞等级: 漏洞信息 On a default installation of Microsoft IIS (Internet Information Server) Version 4, the "/iisadmpwd" virtual directory is created. For IIS Version 5, although not installed by default, this can be easily created manually. This package…
漏洞类别:Web server漏洞等级: 漏洞信息 CGI scripts are usually placed in the cgi-bin Web directory. Listing of files in your cgi-bin directory is allowed. 漏洞危害 By browsing the cgi-bin directory, unauthorized users can obtain a list of all CGI scripts present on your server…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS (Internet Information Server) widely uses Active Server Pages (ASP). These scripts are similar to PHP pages on Apache servers. Microsoft IIS Versions 3.0 and 4.0 contain a vulnerability that allows unauthorized users to …
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS (Internet Information Server) Version 4.0 ships with an ISAPI application called webhits.dll, which provides hit-highlighting functionality for Index Server. webhits.dll dispatches files with an .htw extension. webhits.d…
漏洞类别:Web server漏洞等级: 漏洞信息 The Microsoft IIS Web server discloses its absolute path when responding to a request for a non-existent ida or idq file. 漏洞危害 By exploiting this vulnerability, unauthorized users can exploit the absolute path of the Web server to imp…