MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

nessus

P-News p-news.php Name Field Privilege Escalation

The remote host is running the p-news bulletin board. There is a flaw in the version in use which may allow an attacker who has a 'Member' account to upgrade its privileges to administrator by supplying a malformed...

0.1 AI Score

2003-05-29 12:00 AM
13
nessus

Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion

The remote host is running Webfroot Shoutbox, a PHP application that allows website visitors to leave one another messages. The version of Webfroot Shoutbox installed on the remote host allows an attacker to read arbitrary files and possibly to inject arbitrary PHP code into the remote host and...

0.3 AI Score

2003-05-29 12:00 AM
19
nessus

CafeLog B2 Multiple Script Remote File Inclusion

The remote web server is running CafeLog, a blogging application written in PHP. The 'blogger-2-b2.php' and 'gm-2-b2.php' scripts are affected by a flaw that could allow an attacker to inject code. An attacker could exploit this to execute arbitrary code on the remote host subject to the...

0.2 AI Score

2003-05-29 12:00 AM
10
nessus

Microsoft Media Services ISAPI nsiislog.dll Multiple Overflows

Some versions of IIS shipped with a default file, nsiislog.dll, within the /scripts directory. Nessus has determined that the remote host has the file installed. The NSIISLOG.dll CGI may allow an attacker to execute arbitrary commands on this host, through a buffer...

1.1 AI Score

0.962 EPSS

2003-05-28 12:00 AM
26
nessus

BLNews objects.inc.php4 Server[path] Parameter Remote File Inclusion

It is possible to make the remote host include remote PHP files using the BLnews CGI suite. A remote attacker may exploit this to execute arbitrary code with the privileges of the web...

0.4 AI Score

0.028 EPSS

2003-05-27 12:00 AM
29
nessus

BlackMoon FTP Server blackmoon.mdb Plaintext Password Disclosure

BlackMoon FTP server is installed on the remote host. FTP usernames and passwords are stored on the server in plaintext in a file called 'blackmoon.mdb'. Any user with an account on this host may read the credentials stored in this file, and use them to connect to this FTP...

AI Score

0.0004 EPSS

2003-05-27 12:00 AM
36
nessus

Microsoft BizTalk Server Multiple Remote Vulnerabilities

The remote host seems to be running Microsoft BizTalk server. There are two flaws in this software that could allow an attacker to issue a SQL insertion attack or to execute arbitrary code on the remote host. Note that Nessus solely relied on the presence of a Biztalk DLL to issue this alert so...

7.5 AI Score

0.016 EPSS

2003-05-20 12:00 AM
52
nessus

CesarFTP settings.ini Authentication Credential Plaintext Disclosure

The remote host is running CesarFTP. Due to a design flaw in the program, the plaintext usernames and passwords of FTP users are stored in the file 'settings.ini'. Any user with an account on this host may read this file and use the password to connect to this FTP...

AI Score

0.026 EPSS

2003-05-20 12:00 AM
44
nessus

Lovgate Virus Detection

The remote host seems to be infected with the 'lovgate' virus which opens a command prompt shell on this...

-0.2 AI Score

2003-05-19 12:00 AM
39
nessus

Sun Java Media Framework (JMF) Arbitrary Code Execution

The remote host is using Sun Microsystems's Java Media Framework (JMF). There is a bug in the version installed that may allow an untrusted applet to crash the Java Virtual Machine it is being run on, or even to gain unauthorized privileges. An attacker could exploit this flaw to execute arbitrary....

0.4 AI Score

0.001 EPSS

2003-05-19 12:00 AM
12
nessus

Drag And Zip File Name Handling Overflow

The remote host is running Drag And Zip - a file compression utility. There is a flaw in this program which may allow a remote attacker to execute arbitrary code on this host. To exploit this flaw, an attacker would need to craft a special Zip file and send it to a user on this host. Then, the...

0.2 AI Score

2003-05-15 12:00 AM
11
nessus

Dr.Web File Name Handling Overflow

The remote host is running Dr.Web - an antivirus program. There is a flaw in the remote version of Dr.Web which may make it crash when scanning files whose name is excessively long. An attacker may use this flaw to execute arbitrary code on this host. To exploit it, an attacker would need to send.....

0.1 AI Score

2003-05-12 12:00 AM
17
nessus

DBTools DBManager catalog.mdb Plaintext Local Credential Disclosure

The remote host is running DBManager from DBTool - a GUI to manage MySQL and PostgreSQL databases. This program stores the passwords and IP addresses of the managed databases in an unencrypted file. A local attacker could use the data in this file to log into the managed databases and execute...

-0.3 AI Score

2003-05-10 12:00 AM
10
securityvulns

CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client

Core Security Technologies Advisory http://www.coresecurity.com Multiple Vulnerabilities in Mirabilis ICQ client Date Published: 2003-05-05 Last Update: 2003-05-02 Advisory ID: CORE-2003-0303 Bugtraq IDs: 7461, 7462, 7463, 7464, 7465, 7466 CVE Names:...

0.5 AI Score

0.106 EPSS

2003-05-06 12:00 AM
19
nessus

Firewall UDP Packet Source Port 53 Ruleset Bypass

It is possible to bypass the rules of the remote firewall by sending UDP packets with a source port equal to 53. An attacker may use this flaw to inject UDP packets to the remote hosts, in spite of the presence of a...

6.4 AI Score

0.009 EPSS

2003-05-06 12:00 AM
1268
coresecurity

Multiple Vulnerabilities in Mirabilis ICQ Client

Advisory Information: Date Published: 2003-05-05 Last Update: 2003-05-02 Advisory ID: CORE-2003-0303 Bugtraq IDs: 7461, 7462, 7463, 7464, 7465, 7466 CVE Names: CAN-2003-0235, CAN-2003-0236, CAN-2003-0237, CAN-2003-0238, CAN-2003-0239 CERT: VU#936164, VU#792988, VU#829860, VU#367156, VU#967316,...

7.7 AI Score

0.106 EPSS

2003-05-05 12:00 AM
36
cert

Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames

Overview A vulnerability in the way Microsoft Internet Explorer (IE) handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data (i.e....

0.2 AI Score

0.007 EPSS

2003-05-05 12:00 AM
10
nessus

ScriptLogic Multiple Service Remote Privilege Escalation

The ScriptLogic service is running on this port. There is a flaw in versions up to 4.05 of this service which may allow an attacker to write arbitrary values in the remote registry with administrator privileges, which can be used to gain a shell on this host. *** Since Nessus was unable to...

0.2 AI Score

0.019 EPSS

2003-05-04 12:00 AM
8
cert

Microsoft Internet Explorer does not adequately validate source of dialog frame

Overview Microsoft Internet Explorer (IE) allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data (i.e. cookies) from other web sites. In the presence of other vulnerabilities (VU#626395,....

0.1 AI Score

EPSS

2003-04-25 12:00 AM
24
cert

Heap overflow in Snort "stream4" preprocessor

Overview The Snort "stream4" preprocessor module contains a vulnerability that allows remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root. Description Researchers at CORE Security Technologies have discovered a remotely exploitable heap overflow....

1.4 AI Score

0.36 EPSS

2003-04-16 12:00 AM
12
nessus

phPay admin/phpinfo.php Information Disclosure

The remote host is running phPay, an online shop management system. This package contains multiple information leakages that could allow an attacker to obtain the physical path of the installation on the remote host or even the exact version of the components used by the remote host by using the...

-0.5 AI Score

2003-04-14 12:00 AM
87
securityvulns

Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise (816093)

-----BEGIN PGP SIGNED MESSAGE----- Title: Flaw in Microsoft VM Could Enable System Compromise (816093) Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical Bulletin: MS03-011 Microsoft...

-0.1 AI Score

2003-04-10 12:00 AM
70
nessus

Coppermine Photo Gallery Multiple Extension File Upload Arbitrary PHP Code Execution

The remote host is running Coppermine Gallery - a set of PHP scripts designed to handle galleries of pictures. This product has a vulnerability which allows an attacker to upload a rogue jpeg file which may contain PHP commands. A remote attacker could use this to execute arbitrary commands in...

0.3 AI Score

2003-04-07 12:00 AM
24
nessus

AutomatedShops WebC.cgi Multiple Overflows

The remote host is running a version of AutomatedShops's webc.cgi that is older than version 5.020. This CGI is vulnerable to a remote buffer overflow (up to version 5.005 included) and to a local one (up to version 5.010 included). An attacker may use this flaw to execute arbitrary code on the...

0.8 AI Score

2003-04-04 12:00 AM
20
nessus

Kerberos 5 < 1.3.5 Multiple Vulnerabilities

The remote host is running Kerberos 5. There are multiple flaws that affect this product. Make sure you are running the latest version with the latest patches. Note that Nessus could not check for any of the flaws and solely relied on the presence of the service to issue an alert, so this might be....

9.8 CVSS

0.4 AI Score

0.214 EPSS

2003-04-03 12:00 AM
27
nessus

ScozBook scozbook/add.php Multiple Parameter XSS

The remote host is running ScozBook. This set of CGIs has two vulnerabilities: it is vulnerable to cross-site scripting attacks (in add.php); if the user requests view.php with a crafted PG variable, he will obtain the physical path of the remote CGI. An attacker may use these flaws...

0.1 AI Score

0.017 EPSS

2003-03-30 12:00 AM
31
nessus

Beanwebb's Guestbook 1.0 Multiple Vulnerabilities

The remote host is running Beanwebb's Guestbook. This set of CGIs has two vulnerabilities: anyone can access the admin page (admin.php); it is vulnerable to cross-site scripting attacks (in add.php). An attacker may use these flaws to steal the cookies of your users or to inject fake...

-0.1 AI Score

2003-03-30 12:00 AM
14
nessus

Ecartis HTML Field Manipulation Arbitrary User Password Reset

The remote host is running the Ecartis Mailing List Manager web interface (lsg2.cgi). According to its version number, there is a vulnerability that allows an authenticated user to change anyone's password, including the list administrators. An authenticated attacker could exploit this to take...

0.3 AI Score

0.012 EPSS

2003-03-30 12:00 AM
10
nessus

Justice Guestbook 1.3 Multiple Vulnerabilities

The remote host is running Justice Guestbook. This set of CGIs has two vulnerabilities: it is vulnerable to cross-site scripting attacks (in jgb.php3); if the user requests the file cfooter.php3, he will obtain the physical path of the remote CGI. An attacker may use these flaws to...

0.2 AI Score

0.025 EPSS

2003-03-30 12:00 AM
31
nessus

CC GuestBook cc_guestbook.pl Multiple Parameter XSS

The remote host is running cc_guestbook.pl, a guestbook written in Perl. This CGI is vulnerable to a cross-site scripting attack. An attacker may use this flaw to steal the cookies of your...

-0.2 AI Score

0.002 EPSS

2003-03-30 12:00 AM
232
nessus

E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion

It is possible to make the remote host include PHP files hosted on a third-party server using E-Theni. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web...

0.3 AI Score

0.054 EPSS

2003-03-28 12:00 AM
18
nessus

Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access

The remote host seems to be running Alexandria-Dev, an open source project management system. The CGIs 'docman/new.php' and 'patch/index.php' can be used by an attacker with the proper credentials to upload a file and trick the server about its real location on the disk. Therefore, an attacker may....

-0.4 AI Score

2003-03-28 12:00 AM
7
nessus

Advanced Poll info.php Remote Information Disclosure

The remote host is running Chien Kien Uong's Advanced Poll, a simple Poll system using PHP. By default, this utility includes a file named 'info.php' that makes a call to 'phpinfo()' and displays a lot of information about the remote host and how PHP is configured. An attacker may use this flaw...

6.5 AI Score

0.021 EPSS

2003-03-27 12:00 AM
16
nessus

My Guest Book (myGuestBk) Multiple Vulnerabilities

The remote web server is hosting myGuestBook. This installation comes with an administrative file in 'myguestBk/admin/index.asp' which lets any user delete old entries. In addition to this, this CGI is vulnerable to a cross-site-scripting...

0.4 AI Score

2003-03-27 12:00 AM
16
nessus

SimpleChat Information Disclosure

It is possible to retrieve the list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently...

AI Score

2003-03-25 12:00 AM
14
nessus

O'Reilly WebSite Pro args.bat Arbitrary Command Execution

The CGI 'args.bat' (and/or 'args.cmd') is installed. This CGI has a well known security flaw that lets an attacker upload arbitrary files on the remote web...

0.4 AI Score

0.002 EPSS

2003-03-25 12:00 AM
23
nessus

VChat Multiple Remote Vulnerabilities

It is possible to retrieve the log of all the chat sessions that have occurred on the remote vchat server by requesting the file vchat/msg.txt. An attacker may use this flaw to read past chat sessions and possibly harass its participants. In addition to this, another flaw in the same product may...

AI Score

2003-03-25 12:00 AM
12
nessus

Leif Wright ad.cgi file Parameter Arbitrary Command Execution

The CGI 'ad.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or...

1.1 AI Score

0.048 EPSS

2003-03-25 12:00 AM
41
nessus

Adcycle build.cgi Remote Password Disclosure

The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete...

-0.2 AI Score

0.003 EPSS

2003-03-24 12:00 AM
29
nessus

Matt Wright textcounter.pl Arbitrary Command Execution

The CGI 'textcounter' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or...

1 AI Score

0.04 EPSS

2003-03-23 12:00 AM
161
nessus

WebDAV Detection

WebDAV is an industry standard extension to the HTTP specification. It adds a capability for authorized users to remotely add and manage the content of a web server. If you do not use this extension, you should disable...

-0.2 AI Score

2003-03-20 12:00 AM
46
securityvulns

SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express

Remote Administration of BEA WebLogic Server and Express Release Date: March 18, 2003 Severity: High Systems Affected: • WebLogic Server and Express 6.0 • WebLogic Server and Express 6.1 • WebLogic Server and Express 7.0 Description: SPI Labs and S21sec have identified a...

0.7 AI Score

2003-03-18 12:00 AM
10
exploitpack

Ximian Evolution 1.x - UUEncoding Parsing Memory Corruption

Ximian Evolution 1.x - UUEncoding Parsing Memory...

0.1 AI Score

2003-03-17 12:00 AM
8
cert

Samba contains buffer overflow in SMB/CIFS packet fragment reassembly code

Overview A buffer overflow vulnerability has been discovered in Samba. An updated version has been released. Description A remotely exploitable buffer overflow vulnerability was discovered to affect Samba versions 2.0.x through 2.2.7a. From their bulletin: The SuSE security audit team, in...

0.2 AI Score

0.97 EPSS

2003-03-17 12:00 AM
152
exploitdb

7.4 AI Score

EPSS

2003-03-17 12:00 AM
22
nessus

Irix Performance Copilot Service Information Disclosure

The service 'IRIX performance copilot' is running. This service discloses sensitive information about the remote host, and may be used by an attacker to perform a local denial of service. *** This warning may be a false positive since the presence *** of the bug was not verified...

-1 AI Score

0.029 EPSS

2003-03-13 12:00 AM
17
nessus

Microsoft IIS fpcount.exe CGI Remote Overflow

Nessus detected the 'fpcount.exe' CGI on the remote web server. Some versions of this CGI have a remote buffer overflow vulnerability. A remote attacker could exploit it to crash the web server, or possibly execute arbitrary code. *** Nessus did not actually check for this flaw, but solely relied.....

1.4 AI Score

0.756 EPSS

2003-03-13 12:00 AM
220
nessus

Wordit Logbook logbook.pl file Parameter Arbitrary File Access

The WordIt 'logbook.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets anyone read arbitrary files on this...

-0.1 AI Score

2003-03-12 12:00 AM
32
nessus

MS02-001: Trusted Domain SID Remote Privilege Escalation (311401)

Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the...

-0.3 AI Score

0.022 EPSS

2003-03-12 12:00 AM
11
nessus

Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access

Cross-Referencing Linux appears to be installed on the remote host. There is a directory traversal vulnerability in the 'v' parameter of the 'source' CGI. A remote attacker could exploit this to read arbitrary files on the...

-0.1 AI Score

0.012 EPSS

2003-03-12 12:00 AM
27
Total number of security vulnerabilities: 9647