MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

nessus

INL ulog-php port.php proto Parameter SQL Injection

The remote host is running ulog-php, a firewall log analysis interface written in PHP. There is a SQL injection vulnerability in the remote interface, in the 'port.php' script that may allow an attacker to insert arbitrary SQL statements into the remote database. An attacker may exploit this...

0.1 AI Score

2004-08-24 12:00 AM
15
nessus

eGroupWare <= 1.0.00.003 Multiple Module XSS

The remote version of eGroupware is vulnerable to a cross-site scripting attack. This could allow a remote attacker to steal the cookies of a legitimate user by tricking them into clicking a maliciously crafted URL. eGroupware reportedly has other cross-site scripting vulnerabilities, though...

-0.7 AI Score

0.009 EPSS

2004-08-23 12:00 AM
7
nessus

PHP-Nuke PhotoADay Module pad_selected Parameter XSS

The remote host is running PhotoADay, a web-based photo album management software. The installed version fails to sanitize input passed to the 'pad_selected' parameter before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject...

-0.6 AI Score

2004-08-23 12:00 AM
15
nessus

Galeon < 1.2.2 XMLHttpRequest File / Directory Disclosure

The remote host is using the Galeon web browser. This version contains a flaw that may allow a rogue web server to determine the presence of a file or even the listing of directories to be sent back to a rogue web...

1.4 AI Score

2004-08-20 12:00 AM
8
nessus

Mozilla < 1.0rc2 XMLHttpRequest File / Directory Disclosure (deprecated)

The remote host is using the Mozilla web browser. This version contains a flaw that may allow a rogue web server to determine the presence of a file or even the listing of directories to be sent back to a rogue web...

1.9 AI Score

2004-08-20 12:00 AM
7
nessus

CuteNews show_archives.php archive Parameter XSS

According to its banner, the version of CuteNews on the remote host is affected by a cross-site scripting (XSS) vulnerability due to a failure to sanitize input to the 'archive' parameter of the show_archives.php script. An unauthenticated, remote attacker can exploit this, via a specially crafted....

-0.6 AI Score

2004-08-20 12:00 AM
18
nessus

Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection

The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a Denial of Service attack or data injection. The Evolution mail client supports uuencoded content and decodes it automatically when a message is initially parsed. An attacker may be able to send a.....

3.4 AI Score

2004-08-20 12:00 AM
8
nessus

Netscape < 6.2.3 XMLHttpRequest File / Directory Disclosure

The remote host is using the Netscape web browser. This version contains a flaw that may allow a rogue web server to determine the presence of a file or even the listing of directories to be sent back to a rogue web...

1.4 AI Score

2004-08-20 12:00 AM
7
nessus

Policy - Civilization III Gaming Server Detection

The remote client is a Civilization Gaming client. The presence of this traffic indicates that individuals are playing network-based...

2 AI Score

2004-08-20 12:00 AM
6
nessus

Policy - Quake Gaming Server Detection

The remote client is a Quake gaming client. Many games utilize the 'Quake' Gaming Protocol. The presence of this traffic indicates that individuals are playing network-based...

2.3 AI Score

2004-08-20 12:00 AM
7
nessus

thttpd < 2.21 Error Page XSS

The remote host is running a vulnerable version of Acme thttpd. It is reported that this version of thttpd fails to check URLs for the presence of script commands when generating error pages. An attacker may craft links containing scripting code in order to execute code within the context of the...

1.4 AI Score

2004-08-18 12:00 AM
5
securityvulns

Multiple Vulnerabilities in Free Web Chat

Donato Ferrante Application: Free Web Chat http://sourceforge.net/projects/freewebchat/ Version: Initial Release Bugs: Multiple Vulnerabilities Date: 04-Aug-2004 Author: Donato Ferrante e-mail: [email protected] web: ...

-0.3 AI Score

2004-08-06 12:00 AM
6
exploitpack

Ethereal 0.x - Multiple iSNS SMB SNMP Protocol Dissector Vulnerabilities

Ethereal 0.x - Multiple iSNS SMB SNMP Protocol Dissector...

1.2 AI Score

0.026 EPSS

2004-08-05 12:00 AM
21
nessus

RiSearch show.pl Arbitrary File Access

The remote host appears to be running RiSearch, a local search engine. This version contains an information disclosure vulnerability. Passing a local file URI to 'show.pl' reveals that file's contents. A remote attacker could use this information to read arbitrary files from the system, which...

9.8 CVSS

AI Score

0.159 EPSS

2004-08-04 12:00 AM
12
nessus

Dr.Web scanMail Function Unspecified Overflow

The remote host is running Dr.Web - an antivirus program. There is a buffer overflow in the remote version of Dr.Web which might allow an attacker to execute arbitrary commands on the remote host. Very few details are known regarding this issue at this...

1.5 AI Score

2004-08-03 12:00 AM
16
nessus

RiSearch show.pl Open Proxy Relay

The remote host seems to be running RiSearch, a local search engine. There is a flaw in the CGI 'show.pl' which is bundled with this software that could allow an attacker to use the remote host as an open proxy by doing a request like :...

9.8 CVSS

-0.3 AI Score

0.159 EPSS

2004-08-02 12:00 AM
24
nessus

OpenFTPD SITE MSG FTP Command Format String

The remote host is running OpenFTPD - an FTP server designed to help file sharing (aka 'warez'). Some versions of this server are vulnerable to a remote format string attack that could allow an authenticated attacker to execute arbitrary code on the remote host. Note that Nessus did not actually...

0.6 AI Score

0.024 EPSS

2004-08-01 12:00 AM
17
nessus

Authenticated Check : OS Name and Installed Package Enumeration

This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a...

AI Score

2004-07-06 12:00 AM
2505
securityvulns

[Full-Disclosure] CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server

The following advisory is also available in pdf for download at http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Denial of Service in WebSphere Edge Server. Vulnerability Class: Denial of Service Release Date: June 2nd 2004 Affected...

1 AI Score

2004-07-03 12:00 AM
19
cert

Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"

Overview The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts. Description Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store and....

0.4 AI Score

0.019 EPSS

2004-06-15 12:00 AM
34
packetstorm

wgetuhoh.txt

...

-0.4 AI Score

2004-05-18 12:00 AM
29
nessus

RPC bootparamd NIS Domain Name Disclosure

Using the remote bootparamd service, it was possible to obtain the NIS domain of the network. A remote attacker could use this information to mount further...

0.2 AI Score

2004-05-13 12:00 AM
64
cert

IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service

Overview The IEEE 802.11 wireless networking protocol contains a vulnerability that could allow a remote attacker to cause a denial of service to any wireless device within range. Description IEEE 802.11 wireless network protocols use a Clear Channel Assessment (CCA) algorithm to determine whether....

0.3 AI Score

0.096 EPSS

2004-05-13 12:00 AM
15
nessus

NIS passwd.byname Map Disclosure

This script fetches the remote NIS 'passwd.byname' map, provided that the NIS domain name could be...

-0.1 AI Score

2004-05-13 12:00 AM
13
exploitpack

Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation (MS04-011)

Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation...

0.2 AI Score

2004-04-18 12:00 AM
16
securityvulns

Eudora 6.0.3 nested MIME DoS

Eudora 6.0.3 for Windows will crash if sent a MIME message nested more than 2000 levels deep. Due to the presence of the [EudoraDir]\spool*.RCV file, users may find it difficult to recover from this DoS situation. Demo below. Cheers, Paul Szabo - [email protected] ...

-0.4 AI Score

2004-04-14 12:00 AM
13
securityvulns

Cisco Security Advisory: A default Username and Password in WLSE and HSE devices

This is a re-release of the Advisory. In the previous Advisory release, it was incorrectly stated that the fix for this vulnerability is a configuration change. That has now been corrected. We apologize for any inconvenience, Cisco PSIRT Cisco...

-0.4 AI Score

2004-04-08 12:00 AM
50
cert

Cisco WLSE and HSE devices contain hardcoded username and password

Overview A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. Description A default account with a known, fixed username and password combination exists in some....

0.1 AI Score

2004-04-07 12:00 AM
10
nessus

Agobot.FO Backdoor Detection

The remote host has the Agobot.FO backdoor installed. This backdoor is known to: Scan local networks for common Microsoft vulnerabilities. Scan local networks for exploitable DameWare systems. Brute force local Microsoft machine User accounts. Connect to an IRC channel and setup a BOT...

-0.1 AI Score

2004-04-05 12:00 AM
49
debian

[SECURITY] [DSA 461-1] New calife packages fix buffer overflow

Debian Security Advisory DSA 461-1 [email protected] http://www.debian.org/security/ Matt Zimmerman March 11th, 2004 http://www.debian.org/security/faq Package : calife Vulnerability : buffer overflow Problem-Type ...

6.7 AI Score

0.0004 EPSS

2004-03-11 04:51 PM
9
osv

calife - buffer overflow

Leon Juranic discovered a buffer overflow related to the getpass(3) library function in calife, a program which provides super user privileges to specific users. A local attacker could potentially exploit this vulnerability, given knowledge of a local user's password and the presence of at least...

5.8 AI Score

0.0004 EPSS

2004-03-11 12:00 AM
6
cert

Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length

Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the do_mremap() call that allows software to create a virtual memory area (VMA) with a length of 0 bytes......

0.3 AI Score

0.001 EPSS

2004-03-09 12:00 AM
9
nessus

SpiderSales Shopping Cart SQL injection

The remote host is running the SpiderSales Shopping Cart CGI suite. There is a bug in this suite which may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain control of the remote website and possibly execute arbitrary...

8 AI Score

0.002 EPSS

2004-03-04 12:00 AM
11
securityvulns

Microsoft Security Bulletin MS04-006

Microsoft Security Bulletin MS04-006 Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) Issued: February 10, 2004 Version Number: 1.0 Summary Who should read this document: Customers who are using Microsoft® Windows Internet Naming Service (WINS)®...

-0.1 AI Score

0.967 EPSS

2004-02-11 12:00 AM
20
cert

Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method

Overview Microsoft Internet Information Server (IIS) servers support a HTTP method called TRACK. The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as...

AI Score

0.047 EPSS

2004-01-05 12:00 AM
52
nessus

HotNews Multiple Script Remote File Inclusion

The remote host is running HotNews, a set of PHP scripts designed to set up a news system for web pages. It is possible with this suite to make the remote host include PHP files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell...

0.4 AI Score

0.038 EPSS

2004-01-05 12:00 AM
15
nessus

EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion

The remote host is running EasyDynamicPages, a set of PHP scripts designed to help web publication. It is possible with this suite to make the remote host include PHP files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell...

7.2 AI Score

0.066 EPSS

2004-01-02 12:00 AM
13
nessus

QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access

The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP...

-0.2 AI Score

2004-01-01 12:00 AM
142
securityvulns

eZ Multiple Packages Stack Overflow Vulnerability

eZ Multiple Packages Stack Overflow Vulnerability Credit: Author : Peter Winter-Smith Software: Packages : "eZnet.exe" + eZ Included in, or also known as: + eZphotoshare + eZmeeting +...

-0.1 AI Score

2003-12-09 12:00 AM
7
cert

Integer overflow vulnerability in rsync

Overview Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system. Description rsync is an open source utility that provides fast incremental file transfer. It features the ability to...

0.1 AI Score

0.379 EPSS

2003-12-09 12:00 AM
24
nessus

Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow

The foxweb.dll or foxweb.exe CGI is installed. Versions 2.5 and below of this CGI program have a remote stack buffer overflow. A remote attacker could use this to crash the web server, or possibly execute arbitrary code. ** Since Nessus just verified the presence of the CGI but could ** not check.....

0.3 AI Score

0.018 EPSS

2003-12-04 12:00 AM
68
nessus

CuteNews Debug Info Disclosure

There is a bug in the remote version of CuteNews that allows an attacker to obtain information from a call to the phpinfo() PHP function such as the username of the user who installed php, if they are a SUDO user, the IP address of the host, the web server version, the system version (unix /...

AI Score

2003-12-04 12:00 AM
11
nessus

VP-ASP shopsearch SQL Injection

The remote host is running the VP-ASP CGI suite. There is a bug in this suite that could allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker could use this flaw to gain control of the remote website and possibly execute arbitrary commands on the...

AI Score

2003-12-04 12:00 AM
15
packetstorm

surfboard-1.1.8.txt

...

-0.3 AI Score

2003-12-03 12:00 AM
19
securityvulns

Surfboard <= 1.1.8 vulns

Luigi Auriemma Application: Surfboard webserver http://surfd.sourceforge.net Versions: <= 1.1.8 Platforms: *nix Bugs: possibility to view all the files in the system and resources consumption Risk: medium/high Exploitation: remote/easy...

0.2 AI Score

2003-12-02 12:00 AM
36
cert

ISC BIND 8 vulnerable to cache poisoning via negative responses

Overview The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains. Description Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this...

0.3 AI Score

0.02 EPSS

2003-12-01 12:00 AM
35
securityvulns

[Full-Disclosure] rpc.mountd Vulnerabilities on SGI IRIX

SGI Security Advisory Title: rpc.mountd Vulnerabilities Number: 20031102-01-P Date: November, 21 2003 Reference: SGI BUG 897521, CVE CAN-1999-1225 Reference: SGI BUG 897523, CVE CAN-2003-0796 Reference: SGI BUG 898361,...

-0.5 AI Score

0.014 EPSS

2003-11-22 12:00 AM
12
exploitpack

Microsoft FrontPage Server Extensions - fp30reg.dll (MS03-051)

Microsoft FrontPage Server Extensions - fp30reg.dll...

AI Score

2003-11-13 12:00 AM
6
Total number of security vulnerabilities: 9647