CVE-2009-4530
https://notcve.org/view.php?id=CVE-2009-4530
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. Mongoose v2.8.0 y anteriores permite a atacantes remotos obtener el código fuente de una página web añadiendo ::$DATA a la URI. • http://packetstormsecurity.org/0910-exploits/mongoose-disclose.txt http://secunia.com/advisories/36934 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-1354 – MonGoose 2.4 (Windows) - WebServer Directory Traversal
https://notcve.org/view.php?id=CVE-2009-1354
Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en Mongoose v2.4 permite a atacantes remotos leer ficheros de forma arbitraria a través de .. (punto punto) en el URI. • https://www.exploit-db.com/exploits/8428 http://www.securityfocus.com/archive/1/502648/100/0/threaded http://www.securityfocus.com/bid/34510 https://exchange.xforce.ibmcloud.com/vulnerabilities/49878 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •