Tamer Sahin

10 exploits, active since Jan 2001
CVE-2002-1238 EXPLOITDB text WRITEUP
Peter Sandvik's Simple Web Server <0.5.1 - Auth Bypass
Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
CVE-2002-0897 EXPLOITDB text WRITEUP
LocalWEB2000 2.1.0 - Auth Bypass
LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.
CVE-2002-0112 EXPLOITDB text WORKING POC
Etype Eserv 2.97 - Info Disclosure
Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.
CVE-2002-0128 EXPLOITDB c WORKING POC
Sambar Server - Denial of Service
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
CVE-2002-1248 EXPLOITDB text WORKING POC
Northern Solutions Xeneo Web Server <2.1.5 - DoS
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
CVE-2002-2232 EXPLOITDB perl STUB
Mollensoft Software Enceladus Server Suite - Memory Corruption
Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command.
CVE-2001-1044 EXPLOITDB text WRITEUP
Basilix Webmail <0.9.7beta - Info Disclosure
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
CVE-2002-0250 EXPLOITDB text WRITEUP
HP AdvanceStack hubs <J3210A - Auth Bypass
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
CVE-2001-1199 EXPLOITDB text WRITEUP
Agora <4.0g - XSS
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute JavaScript on other clients via the cart_id parameter.
CVE-2001-1212 EXPLOITDB text WRITEUP
Aktivate 1.03 - XSS
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary JavaScript via the desc parameter.