Description. The version of Allaire JRun running on the remote host is affected by an information disclosure vulnerability due to an issue in handling malformed URLs. An unauthenticated, remote attacker can exploit this, via a crafted request, to display a listing of files in arbitrary directories, which may contain sensitive files.

Description. It is possible to read a '.DS_Store' file on the remote web server. This file is created by the Mac OS X Finder; it is used to remember the positions of icons on the desktop, among other things, and contains the list of files and directories present in the remote directory. Note that deleted files may still be present in this .DS_Store file.
Allaire JRun Encoded JSP Request Directory Listing Tenable®
The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files. Description The remote WebLogic server discloses the listing of the page directories when a user submits a URL ending with %00, %2e, %2f or %5c. An attacker may use this flaw to view the source code of JSP files or other dynamic content. Solution

The SilverStream application server running on the remote host currently has directory listings enabled. An unauthenticated, remote attacker may use this issue to gain more knowledge about the service and possibly to retrieve sensitive files. Solution Reconfigure the server to disable directory listings. See Also http://www.nessus.org/u?4c550d49
Microsoft’s April 2024 Patch Tuesday Addresses 97 CVEs (CVE …
Security misconfiguration can happen at any level of an application stack, including the network services, platform, web server, application server, database, frameworks, custom code, and pre-installed virtual machines, containers, or storage. Automated scanners are useful for detecting misconfigurations, use of default accounts or ...

Apr 9, 2024 · The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-7e7414e64d advisory. - A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol which may allow an attacker to pass on maliciously crafted user name and telnet options during ...

Apr 11, 2024 · Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day. Microsoft patched 97 CVEs in its April 2024 Patch Tuesday Release, with …