MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

Solaris 2.6/7/8/9 (SPARC) - 'ld.so.1' Local Privilege Escalation

...

Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)

Exploit for solaris platform in category local...

Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit (2)

Exploit for solaris platform in category local...

Solaris 2.6789 (SPARC) - ld.so.1 Local Privilege Escalation

Solaris 2.6789 (SPARC) - ld.so.1 Local Privilege...

Solaris 789 CDE LibDTHelp - Local Buffer Overflow (2)

Solaris 789 CDE LibDTHelp - Local Buffer Overflow...

Retina REM Detection

The remote host is running the EEYE REM server. This server is used to manage multiple EEYE Retina scanners. The presence of this server indicates that a group is scanning the network for...

Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector Revision 1.0 For Public Release 2004 December 15 1900 UTC (GMT) Contents Summary Affected Products Details Impact Software Versions and Fixes...

Singapore Gallery < 0.9.11 Multiple Vulnerabilities

Singapore is a PHP based photo gallery web application. The remote version of this software is affected by multiple vulnerabilities that may allow an attacker to read arbitrary files on the remote host or to execute arbitrary PHP...

Microsoft Security Bulletin MS04-045 Vulnerability in WINS Could Allow Remote Code Execution &#40;870763&#41;

Microsoft Security Bulletin MS04-045 Vulnerability in WINS Could Allow Remote Code Execution (870763) Issued: December 14, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Internet Naming Service (WINS) Impact of Vulnerability: Remote Code Execution...

SIR GNUBoard Remote File Inclusion

It is possible to make the remote web server read arbitrary files by using the GNUBoard CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web...

GNU Wget 1.x - Multiple Vulnerabilities

...

GNU Wget 1.x - Multiple Vulnerabilities

GNU Wget 1.x - Multiple...

Microsoft W3Who ISAPI w3who.dll Multiple Remote Vulnerabilities

The Windows 2000 Resource Kit ships with a DLL that displays the browser client context. It lists security identifiers, privileges and $ENV variables. Nessus has determined that this file is installed on the remote host. The w3who.dll ISAPI may allow an attacker to execute arbitrary commands on...

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation. CVE-2003-0834. Local exploit for Solaris...

Visionael Scanner Detection (deprecated)

The remote host is running Visionael Scanner. Visionael scanner is a network discovery and penetration testing tool. The presence of this tool typically indicates that someone is scanning the network for...

CuteFTP Professional FTP Command Response Remote Overflow

The remote host has the program CuteFTP.exe installed. CuteFTP is an FTP client which contains several buffer overflow conditions. Using this version of CuteFTP to connect to a malicious FTP server could cause the client to crash, or could result in arbitrary code...

Cscope 13.015.x - Insecure Temporary File Creation (2)

Cscope 13.015.x - Insecure Temporary File Creation...

Microsoft IE FRAME/IFRAME/EMBED Tag Overflow (Bofra Worm Detection)

The remote host seems to have been infected with the Bofra worm or one of its variants, which infects machines via an Internet Explorer IFRAME exploit. It is very likely this system has been...

Cscope 13.015.x - Insecure Temporary File Creation (1)

Cscope 13.015.x - Insecure Temporary File Creation...

Cscope 13.0/15.x - Insecure Temporary File Creation (2)

...

Cscope 13.0/15.x - Insecure Temporary File Creation (1)

...

Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS

The 'cgi.rb' CGI is installed. Some versions is vulnerable to remote denial of service. By sending a specially crafted HTTP POST request, a malicious user can force the remote host to consume a large amount of CPU resources. *** Warning : Nessus solely relied on the presence of this *** CGI, it...

Goollery < 0.04b Multiple Vulnerabilities

According to its self-reported version number, the instance of Goollery running on the remote host is affected by multiple cross-site scripting (XSS) vulnerabilities in the viewpic.php script. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted request,...

Trend Micro ScanMail for Domino 2.51/2.6 - Remote File Disclosure

...

Trend Micro ScanMail for Domino 2.512.6 - Remote File Disclosure

Trend Micro ScanMail for Domino 2.512.6 - Remote File...

Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow

The '_maincfgret' CGI is installed on the remote web server. Some versions are vulnerable to a buffer overflow. Note that Nessus only checked for the presence of this CGI, and did not attempt to determine whether or not it is...

WordPress Blog HTTP Splitting Vulnerability

Exploit for unknown platform in category web...

WordPress Core 1.2 - HTTP Splitting

...

WordPress 1.2 - HTTP Splitting

WordPress 1.2 - HTTP...

WordPress Blog HTTP Splitting Vulnerability

No description provided by...

Debian DSA-461-1 : calife - buffer overflow

Leon Juranic discovered a buffer overflow related to the getpass(3) library function in calife, a program which provides super user privileges to specific users. A local attacker could potentially exploit this vulnerability, given knowledge of a local user's password and the presence of at least...

Debian DSA-246-1 : tomcat - information exposure, XSS

The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems : CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other...

Security bug in .NET Forms Authentication

Hi We believe we have discovered a serious flaw in .NET forms authentication when used to secure sub folders. A standard forms authentication setup requires the presence of "web.config" to set the authentication method and login procedure. The presence of this file prevents access to certain files....

IRC Bot ident Server Detection

This host seems to be running an ident server, but the ident server responds to an empty query with a random userid. This behavior may be indicative of an IRC bot, worm and/or virus infection. It is very likely this system has been...

Local root compromise possible with getmail

The following vulnerabilities apply to all releases of getmail prior to 3.2.5, and all version 4 releases prior to 4.2.0. They do not apply where getmail is run as an unprivileged user, or where an unprivileged external MDA is used for the final delivery of mail. They are not exploitable...

jabberd 1.x: Denial of Service vulnerability

Background Jabber is a set of streaming XML protocols enabling message, presence, and other structured information exchange between two hosts. jabberd is the original implementation of the Jabber protocol server. Description Jose Antonio Calvo found a defect in routines handling XML parsing of...

[Full-Disclosure] Debian netkit telnetd vulnerability

Exposure: Remote root compromise through buffer handling flaws Confirmed vulnerable: Up-to-date Debian 3.0 woody (issue is Debian-specific) Debian netkit-telnet-ssl-0.17.24+0.1 package Debian netkit-telnet-ssl-0.17.17+0.1 package Mitigating factors: Telnet service must be running and...

Turbo Seek tseekdir.cgi location Parameter Arbitrary File Access

The remote host is running Turbo Seek, a search engine and directory tool. The version of this software running on the remote host has a vulnerability that allows a remote attacker to read arbitrary files from the remote...

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME field multiple occurrence issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [[email protected]] Audience: General distribution Reference: c030804-002 -- Scope -- The aim of this document is to...

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field whitespace issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME field whitespace issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [[email protected]] Audience: General distribution Reference: c030804-003 -- Scope -- The aim of this document is to clearly...

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME separator issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME separator issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [[email protected]] Audience: General distribution Reference: c030804-006 -- Scope -- The aim of this document is to clearly define a.....

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME RFC2047 encoding issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [[email protected]] Audience: General distribution Reference: c030804-007 -- Scope -- The aim of this document is to clearly...

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME RFC2047 encoding issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [[email protected]] Audience: General distribution Reference: c030804-007 -- Scope -- The aim of this document is to clearly...

CuteNews index.php mod Parameter XSS

The version of CuteNews installed on the remote host is vulnerable to a cross-site scripting (XSS) attack. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code...

Xedus Detection

The remote host runs Xedus Peer-to-Peer web server. It provides the ability to share files, music, and any other media, as well as create robust and dynamic websites, which can feature database access and file system access, with full .NET...

DasBlog Activity / Event Viewer Multiple HTTP Header XSS

The remote host is running dasBlog, a .NET blog system. According to its version number, it is vulnerable to multiple cross-site scripting issues. It is reported that versions up to and including 1.6.0 are vulnerable. The application does not sanitize the Referer and User-Agent HTTP headers. An...

XOOPS <= 1.0 Dictionary Module Multiple Scripts XSS

The remote version of XOOPS is vulnerable to several cross-site scripting attacks. An attacker can exploit it using the 'terme' and 'letter' parameters of the 'search.php' and 'letter.php' scripts respectively. This can be used to take advantage of the trust between a client and server allowing...

TorrentTrader download.php id Parameter SQL Injection

The remote host is running TorrentTrader, a web-based BitTorrent tracker. The remote version of this software is vulnerable to a SQL injection attack that may allow an attacker to inject arbitrary SQL statements in the remote...

IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service

IRM Security Advisory No. 010 Top Layer Attack Mitigator IPS 5500 Denial of Service Vulnerability Type / Importance: DoS / High Problem discovered: July 22nd 2004 Vendor contacted: July 23rd 2004 Advisory published: August 25th 2004 Abstract: Top Layer's Attack Mitigator IPS 5500 is...

Plesk Reloaded login_up.php3 login_name Parameter XSS

The remote host is running Plesk Reloaded (from SWsoft), a web-based system administration tool. The remote version of this software is vulnerable to a cross-site scripting attack because of its failure to sanitize user input to the 'login_name' parameter of the 'login_up.php3' script. This...