| | The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. |
| | The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command. |
| | Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter. |
| | search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query paramater. |
| | eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running. |
| | Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute line using Perl's eval function. |
| | PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server. |
| | Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. |
| | The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. |
| | Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter. |
| | Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. |
| | The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request. |
| | Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. |
| | The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. |
| | The handler CGI program in IRIX allows arbitrary command execution. |
| | Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. |
| | Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. |
| | Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. |
| | PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password. |
| | The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. |
| | eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands. |
| | Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack. |
| | HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. |
| | cross site scripting attempt |
| | cross site scripting \(img src=javascript\) attempt |
| | iPlanet GETPROPERTIES attempt |
| | weblogic view source attempt |
| | Tomcat directory traversal attempt |
| | Tomcat view source attempt |
| | xp_enumdsn attempt |
| | xp_filelist attempt |
| | xp_availablemedia attempt |
| | xp_cmdshell attempt |
| | ftp.pl attempt |
| | Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| | .htpasswd access |
| | Allaire JRUN DOS attempt |
| | ICQ Webfront HTTP DOS |
| | Talentsoft Web+ Source Code view access |
| | SalesLogix Eviewer web command attempt |
| | musicat empower attempt |
| | jrun directory browse attempt |
| | viewcode access |
| | showcode access |
| | .history access |
| | .bash_history access |
| | /~nobody access |
| | RBS ISP /newuser directory traversal attempt |
| | AxisStorpoint CD attempt |
| | *%0a.pl access |
| | SecureSite authentication bypass attempt |
| | b2 arbitrary command execution attempt |
| | b2 access |
| | PIX firewall manager directory traversal attempt |
| | jigsaw dos attempt |
| | Nessus 404 probe |
| | Netscape admin passwd |
| | Apache Chunked-Encoding worm attempt |
| | Transfer-Encoding\: chunked |
| | Tomcat servlet mapping cross site scripting attempt |
| | answerbook2 arbitrary command execution attempt |
| | TRACE attempt |
| | MsmMask.exe attempt |
| | Lotus Notes .csp script source download attempt |
| | Lotus Notes .pl script source download attempt |
| | Lotus Notes .exe script source download attempt |
| | BitKeeper arbitrary command attempt |
| | post32.exe arbitrary command attempt |
| | philboard_admin.asp authentication bypass attempt |
| | philboard_admin.asp access |
| | logicworks.ini access |
| | /*.shtml access |
| | mod_gzip_status access |
| | post32.exe access |
| | philboard.mdb access |
| | MsmMask.exe access |
| | DB4Web access |
| | iPlanet .perf access |
| | Demarc SQL injection attempt |
| | helpout.exe access |
| | Tomcat TroubleShooter servlet access |
| | Tomcat SnoopServlet servlet access |
| | WEB-INF access |
| | BigBrother access |
| | webfind.exe access |
| | active.log access |
| | robots.txt access |
| | robot.txt access |
| | Sun JavaServer default password login attempt |
| | Linksys router default password login attempt \(\:admin\) |
| | Linksys router default password login attempt \(admin\:admin\) |
| | Oracle Dynamic Monitoring Services (dms) access |
| | Oracle Java Process Manager access |
| | bad HTTP/1.1 request, Potentially worm attack |
| | whisker space splice attack |
| | whisker tab splice attack |
| | apache chunked encoding memory corruption exploit attempt |
| | /ecscripts/ecware.exe access |
| | SiteScope Service access |
| | answerbook2 admin attempt |
| | iChat directory traversal attempt |
| | mkplog.exe access |
| | mkilog.exe access |
| | .DS_Store access |
| | .FBCIndex access |
| | server-info access |
| | server-status access |
| | Axis Storpoint CD access |
| | Cisco Catalyst command execution attempt |
| | /CVS/Entries access |
| | cvsweb version access |
| | /doc/packages access |
| | ?open access |
| | DELETE attempt |
| | /home/ftp access |
| | /home/www access |
| | RBS ISP /newuser access |
| | musicat empower access |
| | ROADS search.pl attempt |
| | Tomcat sourecode view |
| | Tomcat sourecode view |
| | Tomcat sourecode view |
| | SWEditServlet directory traversal attempt |
| | SWEditServlet access |
| | whisker HEAD/./ |
| | http directory traversal |
| | sadmind worm access |
| | SalesLogix Eviewer access |
| | Trend Micro OfficeScan attempt |
| | Trend Micro OfficeScan access |
| | search.vts access |
| | .nsconfig access |
| | Admin_files access |
| | backup access |
| | intranet access |
| | filemail access |
| | adminlogin access |
| | ultraboard access |
| | Talentsoft Web+ internal IP Address access |
| | cybercop scan |
| | L3retriever HTTP Probe |
| | Webtrends HTTP probe |
| | queryhit.htm access |
| | unify eWave ServletExec DOS |
| | Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header. |
| | Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory. |
| | ftp.pl access |
| | Tomcat server exploit access |
| | http directory traversal |
| | Lotus DelDoc attempt |
| | Lotus EditDoc attempt |
| | ls%20-l |
| | /etc/passwd |
| | Ecommerce check.txt access |
| | AuthChangeUrl access |
| | cpshost.dll access |
| | .htaccess access |
| | .wwwacl access |
| | .wwwacl access |
| | cd.. |
| | /.... access |
| | ///cgi-bin access |
| | /cgi-bin/// access |
| | /~root access |
| | /~ftp access |
| | Ecommerce import.txt access |
| | Ecommerce import.txt access |
| | Domino catalog.nsf access |
| | Domino domcfg.nsf access |
| | Domino domlog.nsf access |
| | Domino log.nsf access |
| | Domino names.nsf access |
| | Domino mab.nsf access |
| | Domino cersvr.nsf access |
| | Domino setup.nsf access |
| | Domino statrep.nsf access |
| | Domino webadmin.nsf access |
| | Domino events4.nsf access |
| | Domino ntsync4.nsf access |
| | Domino collect4.nsf access |
| | Domino mailw46.nsf access |
| | Domino bookmark.nsf access |
| | Domino agentrunner.nsf access |
| | Domino mail.box access |
| | Ecommerce checks.txt access |
| | apache DOS attempt |
| | Netscape PublishingXpert access |
| | mall log order access |
| | architext_query.pl access |
| | wwwboard.pl access |
| | order.log access |
| | nc.exe attempt |
| | wsh attempt |
| | rcmd attempt |
| | telnet attempt |
| | net attempt |
| | tftp attempt |
| | xp_regread attempt |
| | xp_regwrite attempt |
| | xp_regdeletekey attempt |
| | WebDAV search access |
| | ftp attempt |
| | Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. |
| | 3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability. |
| | Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. |
| | Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. |
| | The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. |
| | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method. |
| | The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files. |
| | Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL. |
| | The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. |
| | Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known. |
| | Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. |
| | Denial of service in IIS 4 with scripts from the ExAir sample site. |
| | The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory. |
| | Netscape Enterprise servers may list files through the PageServices query. |
| | A default configuration of Apache on Debian Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
| | Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter. |
| | The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files. |
| | The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script. |
| | orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. |
| | The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. |
| | Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. |
| | Directory traversal vulnerability in Quikstore shopping cart program allows rmeote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter. |
| | Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands. |
| | ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. |
| | Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attacker to retrieve arbitrary files via webserver root directory set to system root. |
| | Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. |
| | CGI PHP mylog script allows an attacker to read any file on the target server. |
| | Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. |
| | The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server. |
| | CGI PHP mlog script allows an attacker to read any file on the target server. |
| | An incorrect configuration of the QuikStore shopping cart CGI program "quikstore.cgi" could disclose private information. |
| | An incorrect configuration of the Webcart CGI program could disclose private information. |
| | The IMAP service is running. |
| | Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. |
| | counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation. |
| | Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter. |
| | WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. |
| | Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service. |
| | PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. |
| | WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters. |
| | A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands. |
| | The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet. |
| | The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. |
