
CVSS: 5.0 | EPSS: 9% | CPEs: 3 | EXPL: 4

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

• https://www.exploit-db.com/exploits/29302
• http://fedoranews.org/cms/node/2400
• http://fedoranews.org/cms/node/2401
• http://lists.suse.com/archive/suse-security-announce/2007-Jan/0002.html
• http://secunia.com/advisories/23432
• http://secunia.com/advisories/23435
• http://secunia.com/advisories/23462
• http://secunia.com/advisories/23597
• http://secunia.com/advisories/23727
• http://secunia.com/advisories/23776
• http://secunia.com/advisories/23779
• http://security.gentoo.org/glsa

CVSS: 5.0 | EPSS: 0% | CPEs: 12 | EXPL: 0

Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.

• http://lists.suse.com/archive/suse-security-announce/2006-Sep/0005.html
• http://secunia.com/advisories/21840
• http://secunia.com/advisories/21847
• http://securitytracker.com/id?1016821
• http://www.securityfocus.com/bid/19929
• http://www.vupen.com/english/advisories/2006/3552