MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

MS02-031: Cumulative patches for Excel and Word for Windows (324458)

The versions of Microsoft Word and Excel installed on the remote host are missing a security update. They are, therefore, affected by multiple vulnerabilities : A security bypass vulnerability exists in Excel due to improper handling of formatted inline macros that are attached to...

SimpleBBS users disclosure

The remote installation of SimpleChat allows an unauthenticated, remote attacker to retrieve its user database via a direct request to 'data/usr', which contains confidential information such as user...

Solaris mibiisa MIB Parsing Remote Overflow

The remote host is running mibiisa. There is a buffer overflow in older versions of this software, which may allow an attacker to gain a root shell on this host. Note that Nessus did not actually check for this vulnerability so this might be a false...

Virus Infection Detection (deprecated)

This script checks for the presence of different viruses on the remote host, by using the SMB credentials that you provide to Nessus. W32/Badtrans-B JS_GIGGER.A@mm W32/Vote-A W32/Vote-B CodeRed W32.Sircam.Worm@mm W32.HLLW.Fizzer@mm W32.Sobig.B@mm W32.Sobig.E@mm W32.Sobig.F@mm W32.Sobig.C@mm...

GTcatalog index.php custom Parameter Remote File Inclusion

It is possible to make the remote host include PHP files hosted on a third-party server using GTcatalog. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. In addition, making a direct request for 'password.inc' may...

Microsoft Content Management Server (MCMS) 2001 Multiple Remote Vulnerabilities

The remote host is running Microsoft Content Management Server. There is a buffer overflow in the Profile Service that could allow an attacker to execute arbitrary code on this...

WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion

The version of Webchat installed on the remote host allows an attacker to read local files or execute PHP code, possibly taken from third- party sites, subject to the permissions of the web server user...

mod_frontpage for Apache fpexec Remote Overflow

The remote host is using the Apache mod_frontpage module. mod_frontpage older than 1.6.1 is vulnerable to a buffer overflow that could allow an attacker to gain root access. *** Since Nessus was not able to remotely determine the version *** of mod_frontage you are running, you are advised to...

CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution

The version of CuteNews installed on the remote host fails to sanitize input to the 'cutepath' parameter before using it in various scripts to include PHP code. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web...

GOsa Multiple Script plugin Parameter Remote File Inclusion

The remote web server is hosting GOnicus System Administrator (GOsa), a PHP-based administration tool for managing accounts and systems in LDAP databases. The version of GOsa installed on the remote host fails to sanitize user input to the 'plugin' parameter of several scripts before using it to...

WihPhoto sendphoto.php Traversal Arbitrary File Access

It is possible to make the remote host mail any file contained on its hard drive by using a flaw in WihPhoto's 'util/email.php'...

Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities

Overview Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice...

Default Password (D13hh[) for 'root' Account

The account 'root' has the password 'D13hh['. An attacker may use it to gain further privileges on this system. The presence of this account suggests the system may have the D13HH rootkit (typically found on Solaris...

N/X Web Content Management Multiple Script Remote File Inclusion

It is possible to make the remote host include PHP files hosted on a third-party server using N/X Web content management system. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web...

Stronghold swish Search Script Information Disclosure

An information disclosure vulnerability was reported in a sample script provided with Red Hat's Stronghold web server. A remote user can determine the web root directory path. A remote user can send a request to the Stronghold sample script swish to cause the script to reveal the full path to the.....

[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting

Debian Security Advisory DSA 246-1 [email protected] http://www.debian.org/security/ Martin Schulze January 29th, 2003 http://www.debian.org/security/faq Package : tomcat Vulnerability : information exposure, cross...

[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting

Debian Security Advisory DSA 246-1 [email protected] http://www.debian.org/security/ Martin Schulze January 29th, 2003 http://www.debian.org/security/faq Package : tomcat Vulnerability : information exposure, cross...

tomcat - information exposure, cross site scripting

The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems: \ CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome...

Web servers enable HTTP TRACE method by default

Overview The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Description The HTTP...

Various FTP clients fail to account for pipe (|) characters in default file names

Overview Various FTP client implementations do not correctly handle files whose name begins with the "|" (pipe) character. Description Most FTP clients include a feature in which the remote filename is used as the local filename in a GET (RETR) operation. For example, many FTP clients support...

Cobalt RaQ4 Administrative Interface overflow.cgi Command Execution

/cgi-bin/.cobalt/overflow/overflow.cgi was detected. Some versions of this CGI allow remote users to execute arbitrary commands with the privileges of the web server. *** Nessus just checked the presence of this file *** but did not try to exploit the flaw, so this might *** be a false...

4553 Parasite Mothership Backdoor Detection

The backdoor software '4553' seems to be installed on this host, which indicates it has been...

KW Whois CGI whois Parameter Arbitrary Command Execution

The version of the KW whois CGI script installed on the remote web server fails to filter input to the 'whois' parameter of shell metacharacters. An unauthenticated, remote attacker can leverage this issue to execute arbitrary commands with the privileges of the http...

Network Service Long Line Handling Remote DoS

It was possible to kill the service by sending a single long text line. This may indicate the presence of a buffer overflow. An attacker may be able to use this flaw to crash your software or even execute arbitrary code on your...

Alcatel OmniSwitch 7700/7800 Switches Backdoor Access (deprecated)

This plugin has been deprecated due to excessive false positives since it flags any telnet banner discovered on TCP...

vpopmail-CGIApps vpasswd.cgi Remote Command Execution

The 'vpasswd.cgi' CGI is installed. Some versions do not properly check for special characters and allow an attacker to execute any command on your system. Warning : Nessus solely relied on the presence of this CGI, it did not determine if you specific version is vulnerable to that...

MondoSearch MsmMask.exe Arbitrary Script Source Disclosure

The msmmask.exe CGI is installed. Some versions allow an attacker to read the source of any file in your web server's directories by using the 'mask'...

Microsoft Data Access Components RDS Data Stub Remote Overflow

The remote DLL /msadc/msadcs.dll is accessible by anyone. Several flaws have been found in it in the past. We recommend that you restrict access to MSADC only to trusted...

FreeBSD-SN-02:06

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SN-02:06 Security Notice The FreeBSD Project Topic: security issues in ports Announced: 2002-10-10 I. Introduction Several ports in the FreeBSD Ports Collection are affected by.....

Multiple vendors' firewalls do not adequately keep state of FTP traffic

Overview Firewalls and other systems that inspect FTP application layer traffic may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. Description Many...

NetBSD Security Advisory 2002-015: (another) buffer overrun in libc/libresolv DNS resolver

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-015 ================================= Topic: (another) buffer overrun in libc/libresolv DNS resolver Version: NetBSD-current: source prior to August 28, 2002 NetBSD-1.6 beta:...

remote SYSTEM compromise in WASD OpenVMS http server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple vulnerabilities in WASD http server for OpenVMS Version 1.0, 25 Sept 2002. Contents Summary Severity: Critical Vulnerable versions Description Solutions Examples of site weaknesses Conclusion Acknowledgments Document history ...

Bug in Opera and Konqueror

/----------------+--------------------------------------+-------------\ | sp00fed packet | | advisory #2 | +----------------+--------------------------------------+-------------+ | Product: multiply vendors browsers | |...

Microsoft Visual FoxPro fails to properly evaluate filenames before launching application

Overview There is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user. Description Microsoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute...

Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Guardent Client Advisory Multiple wordtrans-web Vulnerabilities September 6th, 2002 Summary: Guardent has discovered vulnerabilities in the wordtrans-web package. The vulnerabilities allow for remote execution of arbitrary code under the privileges of user...

phpGB 1.1 - HTML Injection

phpGB 1.1 - HTML...

phpGB 1.1 - HTML Injection

...

alya.cgi CGI Backdoor Detection

alya.cgi was found on the remote system. This script is likely a CGI based backdoor distributed with multiple...

scrollkeeper.txt

...

The ScrollKeeper Root Trap

Release date : September 2 2002 Author : Spybreak ([email protected]) Package : Scrollkeeper Version : 0.3.4, 0.3.11 Severity : Medium to High Vendor homepage : scrollkeeper.sourceforge.net Status : vendor contacted Problem : Insecure creation of...

AnyForm CGI Arbitrary Command Execution

The CGI 'AnyForm2' is installed on the remote web server. Old versions of this CGI have a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or...

Achievo class.atkdateattribute.js.php config_atkroot Parameter Remote File Inclusion

The remote host is running Achievo, a web-based resource management tool written in PHP. The version of Achievo on the remote host includes a PHP script which is reported to be affected by a remote file include vulnerability. An attacker may use this flaw to inject arbitrary code in the remote...

phpAdsNew helperfunction.php Remote File Inclusion

It is possible to make the remote host include PHP files hosted on a third-party server using PHPAdsNew. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the HTTP...

Viralator CGI Script Arbitrary Command Execution

The CGI 'viralator.cgi' is installed. Some versions of this CGI are don't check properly the user input and allow anyone to execute arbitrary commands with the privileges of the web server. ** No flaw was tested. Your script might be a safe...

Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access

The script 'basilix.php3' is installed on the remote web server. Some versions of this webmail software allow the users to read any file on the system with the permission of the webmail software, and execute any...

Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure

The remote Trend Micro OfficeScan Corporate Edition (Japanese version: Virus Buster Corporate Edition) web-based management console allows unauthenticated access to files under '/officescan/hotdownload'. Reading the configuration file 'ofcscan.ini' under that location will reveal information about....

Cobalt Qube WebMail readmsg.php mailbox Parameter Traversal Arbitrary File Access

The file '/base/webmail/readmsg.php' was detected on the remote web server. Some versions of this CGI allow remote users to read local files with the permission of the web server. *** Nessus just checked the presence of this file *** but did not try to exploit the...

PGPMail.pl detection

The 'PGPMail.pl' CGI is installed. Some versions (up to v1.31 a least) of this CGI do not properly filter user input before using it inside commands. This would allow an attacker to run any command on the server. Note: Nessus just checked the presence of this CGI but did not try to exploit the...

Sun AnswerBook2 format string and other vulnerabilities

DynaWeb httpd Format String and AnswerBook 2 Unauthenticated Admin Script Execution Vulnerabilities Release Date: August 1, 2002 Application: Solaris ab2 1.4.2 / dwhttpd 4.1a6 with patch 110011-02 (and before) Severity: Remote unprivileged execution of...

RPC rusers Remote Information Disclosure

The rusersd RPC service is running. It provides an attacker interesting information such as how often the system is being used, the names of the users, and...