CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2009-4530
https://notcve.org/view.php?id=CVE-2009-4530
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. Mongoose v2.8.0 y anteriores permite a atacantes remotos obtener el código fuente de una página web añadiendo ::$DATA a la URI. • http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt http://secunia.com/advisories/36934 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 4CVE-2009-4535 – Mongoose Web Server 2.8 - Source Disclosure
https://notcve.org/view.php?id=CVE-2009-4535
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / (slash) character to the URI. Mongoose v2.8.0 y anteriores permite a atacantes remotos obtener el código fuente de una página web añadiendo un carácter / (barra) a la URI. • https://www.exploit-db.com/exploits/9897 https://www.exploit-db.com/exploits/12309 http://freetexthost.com/0lcsrgt3vw http://pocoftheday.blogspot.com/2009/10/mongoose-web-server-v280-remote-source_22.html http://secunia.com/advisories/36934 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 1%CPEs: 1EXPL: 2CVE-2009-1354 – MonGoose 2.4 (Windows) - WebServer Directory Traversal
https://notcve.org/view.php?id=CVE-2009-1354
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en Mongoose v2.4 permite a atacantes remotos leer ficheros de forma arbitraria a través de .. (punto punto) en el URI. • https://www.exploit-db.com/exploits/8428 http://www.securityfocus.com/archive/1/502648/100/0/threaded http://www.securityfocus.com/bid/34510 https://exchange.xforce.ibmcloud.com/vulnerabilities/49878 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •