INL ulog-php port.php proto Parameter SQL Injection
The remote host is running ulog-php, a firewall log analysis interface written in PHP. There is a SQL injection vulnerability in the remote interface, in the 'port.php' script that may allow an attacker to insert arbitrary SQL statements into the remote database. An attacker may exploit this...
AI Score: 0.1
eGroupWare <= 1.0.00.003 Multiple Module XSS
The remote version of eGroupware is vulnerable to a cross-site scripting attack. This could allow a remote attacker to steal the cookies of a legitimate user by tricking them into clicking a maliciously crafted URL. eGroupware reportedly has other cross-site scripting vulnerabilities, though...
AI Score: -0.7
EPSS: 0.009
PHP-Nuke PhotoADay Module pad_selected Parameter XSS
The remote host is running PhotoADay, a web-based photo album management software. The installed version fails to sanitize input passed to the 'pad_selected' parameter before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject...
AI Score: -0.6
Galeon < 1.2.2 XMLHttpRequest File / Directory Disclosure
The remote host is using the Galeon web browser. This version contains a flaw that may allow a rogue web server to determine the presence of a file or even the listing of directories to be sent back to a rogue web...
AI Score: 1.4
Mozilla < 1.0rc2 XMLHttpRequest File / Directory Disclosure (deprecated)
The remote host is using the Mozilla web browser. This version contains a flaw that may allow a rogue web server to determine the presence of a file or even the listing of directories to be sent back to a rogue web...
AI Score: 1.9
CuteNews show_archives.php archive Parameter XSS
According to its banner, the version of CuteNews on the remote host is affected by a cross-site scripting (XSS) vulnerability due to a failure to sanitize input to the 'archive' parameter of the show_archives.php script. An unauthenticated, remote attacker can exploit this, via a specially crafted....
AI Score: -0.6
Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection
The remote host is running a version of the Ximian Evolution email client that may be vulnerable to a Denial of Service attack or data injection. The Evolution mail client supports uuencoded content and decodes it automatically when a message is initially parsed. An attacker may be able to send a.....
AI Score: 3.4
Netscape < 6.2.3 XMLHttpRequest File / Directory Disclosure
The remote host is using the Netscape web browser. This version contains a flaw that may allow a rogue web server to determine the presence of a file or even the listing of directories to be sent back to a rogue web...
AI Score: 1.4
Policy - Civilization III Gaming Server Detection
The remote client is a Civilization Gaming client. The presence of this traffic indicates that individuals are playing network-based...
AI Score: 2
Policy - Quake Gaming Server Detection
The remote client is a Quake gaming client. Many games utilize the 'Quake' Gaming Protocol. The presence of this traffic indicates that individuals are playing network-based...
AI Score: 2.3
The remote host is running a vulnerable version of Acme thttpd. It is reported that this version of thttpd fails to check URLs for the presence of script commands when generating error pages. An attacker may craft links containing scripting code in order to execute code within the context of the...
AI Score: 1.4
Multiple Vulnerabilities in Free Web Chat
Donato Ferrante Application: Free Web Chat http://sourceforge.net/projects/freewebchat/ Version: Initial Release Bugs: Multiple Vulnerabilities Date: 04-Aug-2004 Author: Donato Ferrante e-mail: [email protected] web: ...
AI Score: -0.3
AI Score: 6.4
Ethereal 0.x - Multiple iSNS SMB SNMP Protocol Dissector Vulnerabilities
Ethereal 0.x - Multiple iSNS SMB SNMP Protocol Dissector...
AI Score: 1.2
EPSS: 0.026
RiSearch show.pl Arbitrary File Access
The remote host appears to be running RiSearch, a local search engine. This version contains an information disclosure vulnerability. Passing a local file URI to 'show.pl' reveals that file's contents. A remote attacker could use this information to read arbitrary files from the system, which...
CVSS: 9.8
EPSS: 0.159
Dr.Web scanMail Function Unspecified Overflow
The remote host is running Dr.Web - an antivirus program. There is a buffer overflow in the remote version of Dr.Web which might allow an attacker to execute arbitrary commands on the remote host. Very few details are known regarding this issue at this...
AI Score: 1.5
RiSearch show.pl Open Proxy Relay
The remote host seems to be running RiSearch, a local search engine. There is a flaw in the CGI 'show.pl' which is bundled with this software that could allow an attacker to use the remote host as an open proxy by doing a request like :...
CVSS: 9.8
AI Score: -0.3
EPSS: 0.159
OpenFTPD SITE MSG FTP Command Format String
The remote host is running OpenFTPD - an FTP server designed to help file sharing (aka 'warez'). Some versions of this server are vulnerable to a remote format string attack that could allow an authenticated attacker to execute arbitrary code on the remote host. Note that Nessus did not actually...
AI Score: 0.6
EPSS: 0.024
Authenticated Check : OS Name and Installed Package Enumeration
This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a...
[Full-Disclosure] CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server
The following advisory is also available in pdf for download at http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Denial of Service in WebSphere Edge Server. Vulnerability Class: Denial of Service Release Date: June 2nd 2004 Affected...
AI Score: 1
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
Overview The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts. Description Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store and....
AI Score: 0.4
EPSS: 0.019
AI Score: -0.4
RPC bootparamd NIS Domain Name Disclosure
Using the remote bootparamd service, it was possible to obtain the NIS domain of the network. A remote attacker could use this information to mount further...
AI Score: 0.2
IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service
Overview The IEEE 802.11 wireless networking protocol contains a vulnerability that could allow a remote attacker to cause a denial of service to any wireless device within range. Description IEEE 802.11 wireless network protocols use a Clear Channel Assessment (CCA) algorithm to determine whether....
AI Score: 0.3
EPSS: 0.096
NIS passwd.byname Map Disclosure
This script fetches the remote NIS 'passwd.byname' map, provided that the NIS domain name could be...
AI Score: -0.1
Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation (MS04-011)
Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation...
AI Score: 0.2
AI Score: 7.4
Eudora 6.0.3 for Windows will crash if sent a MIME message nested more than 2000 levels deep. Due to the presence of the [EudoraDir]\spool*.RCV file, users may find it difficult to recover from this DoS situation. Demo below. Cheers, Paul Szabo - [email protected] ...
AI Score: -0.4
Cisco Security Advisory: A default Username and Password in WLSE and HSE devices
This is a re-release of the Advisory. In the previous Advisory release, it was incorrectly stated that the fix for this vulnerability is a configuration change. That has now been corrected. We apologize for any inconvenience, Cisco PSIRT Cisco...
AI Score: -0.4
Cisco WLSE and HSE devices contain hardcoded username and password
Overview A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. Description A default account with a known, fixed username and password combination exists in some....
AI Score: 0.1
The remote host has the Agobot.FO backdoor installed. This backdoor is known to: Scan local networks for common Microsoft vulnerabilities. Scan local networks for exploitable DameWare systems. Brute force local Microsoft machine User accounts. Connect to an IRC channel and setup a BOT...
AI Score: -0.1
[SECURITY] [DSA 461-1] New calife packages fix buffer overflow
Debian Security Advisory DSA 461-1 [email protected] http://www.debian.org/security/ Matt Zimmerman March 11th, 2004 http://www.debian.org/security/faq Package : calife Vulnerability : buffer overflow Problem-Type ...
AI Score: 6.7
EPSS: 0.0004
Leon Juranic discovered a buffer overflow related to the getpass(3) library function in calife, a program which provides super user privileges to specific users. A local attacker could potentially exploit this vulnerability, given knowledge of a local user's password and the presence of at least...
AI Score: 5.8
EPSS: 0.0004
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the do_mremap() call that allows software to create a virtual memory area (VMA) with a length of 0 bytes......
AI Score: 0.3
EPSS: 0.001
SpiderSales Shopping Cart SQL injection
The remote host is running the SpiderSales Shopping Cart CGI suite. There is a bug in this suite which may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain control of the remote website and possibly execute arbitrary...
AI Score: 8
EPSS: 0.002
Microsoft Security Bulletin MS04-006
Microsoft Security Bulletin MS04-006 Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) Issued: February 10, 2004 Version Number: 1.0 Summary Who should read this document: Customers who are using Microsoft® Windows Internet Naming Service (WINS)®...
AI Score: -0.1
EPSS: 0.967
Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method
Overview Microsoft Internet Information Server (IIS) servers support an HTTP method called TRACK. The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as...
EPSS: 0.047
HotNews Multiple Script Remote File Inclusion
The remote host is running HotNews, a set of PHP scripts designed to set up a news system for web pages. It is possible with this suite to make the remote host include PHP files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell...
AI Score: 0.4
EPSS: 0.038
EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion
The remote host is running EasyDynamicPages, a set of PHP scripts designed to help web publication. It is possible with this suite to make the remote host include PHP files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell...
AI Score: 7.2
EPSS: 0.066
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
The CGI 'quikstore.cgi' is installed. This CGI has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP...
AI Score: -0.2
eZ Multiple Packages Stack Overflow Vulnerability
eZ Multiple Packages Stack Overflow Vulnerability Credit: Author : Peter Winter-Smith Software: Packages : "eZnet.exe" + eZ Included in, or also known as: + eZphotoshare + eZmeeting +...
AI Score: -0.1
Integer overflow vulnerability in rsync
Overview Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system. Description rsync is an open source utility that provides fast incremental file transfer. It features the ability to...
AI Score: 0.1
EPSS: 0.379
Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow
The foxweb.dll or foxweb.exe CGI is installed. Versions 2.5 and below of this CGI program have a remote stack buffer overflow. A remote attacker could use this to crash the web server, or possibly execute arbitrary code. ** Since Nessus just verified the presence of the CGI but could ** not check.....
AI Score: 0.3
EPSS: 0.018
CuteNews Debug Info Disclosure
There is a bug in the remote version of CuteNews that allows an attacker to obtain information from a call to the phpinfo() PHP function such as the username of the user who installed PHP, if they are a SUDO user, the IP address of the host, the web server version, the system version (unix /...
VP-ASP shopsearch SQL Injection
The remote host is running the VP-ASP CGI suite. There is a bug in this suite that could allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker could use this flaw to gain control of the remote website and possibly execute arbitrary commands on the...
AI Score: -0.3
Luigi Auriemma Application: Surfboard webserver http://surfd.sourceforge.net Versions: <= 1.1.8 Platforms: *nix Bugs: possibility to view all the files in the system and resources consumption Risk: medium/high Exploitation: remote/easy...
AI Score: 0.2
ISC BIND 8 vulnerable to cache poisoning via negative responses
Overview The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains. Description Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this...
AI Score: 0.3
EPSS: 0.02
[Full-Disclosure] rpc.mountd Vulnerabilities on SGI IRIX
SGI Security Advisory Title: rpc.mountd Vulnerabilities Number: 20031102-01-P Date: November, 21 2003 Reference: SGI BUG 897521, CVE CAN-1999-1225 Reference: SGI BUG 897523, CVE CAN-2003-0796 Reference: SGI BUG 898361,...
AI Score: -0.5
EPSS: 0.014
Microsoft FrontPage Server Extensions - fp30reg.dll (MS03-051)
Microsoft FrontPage Server Extensions - fp30reg.dll...