Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview: Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description: The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral services for...
AI Score: 0.3 | EPSS: 0.098
Overview: Systems running Microsoft Windows 98, NT, Windows 2000, or Windows XP DNS resolvers accept DNS replies from any IP address, not just the ones being sent DNS requests. This may lead to domain information spoofing or DNS cache poisoning. Description: Microsoft Windows systems use a caching...
AI Score: -0.1
@stake Advisory: Multiple Vulnerabilities with Pingtel xpressa SIP Phones
@stake Inc. www.atstake.com Security Advisory Advisory Name: Multiple Vulnerabilities with Pingtel xpressa SIP Phones Release Date: 07/12/2002 Hardware: Pingtel xpressa SIP...
AI Score: 0.1 | EPSS: 0.012
Icecast list_directory Function Traversal File/Directory Enumeration
The remote server does not return the same error code when a nonexistent directory is requested as when an existing one is requested. An attacker may use this flaw to deduce the presence of several key directories on the remote server, and therefore gain further knowledge about...
AI Score: -0.5 | EPSS: 0.043
Web Server Directory Enumeration
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...
AI Score: 9.6 | EPSS: 0.002
YaBB 1 - Invalid Topic Error Page Cross-Site Scripting
YaBB 1 - Invalid Topic Error Page Cross-Site...
AI Score: -0.3
nCipher Advisory #4: Console Java apps can leak passphrases on Windows
nCipher[TM] Security Advisory No. 4 Console Java applications can leak passphrases on Windows SUMMARY In certain circumstances, Java[TM] applications using the standard nCipher ConsoleCallBack class on Windows NT/2000 can be made to leak smart card passphrases to the current user's shell. One...
AI Score: -0.4
Imatix Xitami 2.5 - GSL Template Cross-Site Scripting
Imatix Xitami 2.5 - GSL Template Cross-Site...
AI Score: -0.1
Author: Tom Vogt <[email protected]> http://web.lemuria.org/ Affected: Mozilla 1.0 and earlier; verified on Linux and Solaris, other Unixes most likely affected as well. Effect: System becomes unusable or X Windows crashes (varies depending on system configuration). Description: When loading pages w...
AI Score: -0.7
Marcus Xenakis directory.php Execute Arbitrary Commands
The 'directory.php' file is installed. 1. This tool allows anybody to read any directory. 2. It is possible to execute arbitrary code with the rights of the HTTP...
AI Score: 0.5 | EPSS: 0.012
Three possible DoS attacks against some IOS versions.
There are three possible unreported DoS conditions in certain versions of IOS I could get my hands on. When scanning all 65535 ports from a single host using nmap (full connect/half connect/null/fin/ack/xmas) through a Cisco 2611 running C2600-IO3-M, Version 12.1(6.5), the router crashes. Same...
AI Score: -0.3
JRun Multiple Sample Files Remote Information Disclosure
This host is running the Allaire JRun web server and has sample files installed. Several of the sample files that come with JRun contain serious security flaws. An attacker can use these scripts to relay web requests from this machine to another one or view sensitive configuration information as...
AI Score: -0.3 | EPSS: 0.005
Microsoft IIS Potentially Compromised Host Detection
One or more files were found on this host that indicate a possible...
SNMP Request Cisco Router Information Disclosure
It is possible to determine the model of the remote Cisco system by sending SNMP requests with the OID 1.3.6.1.4.1.9.1. An attacker may use this information to gain more knowledge about the remote...
AI Score: 7.1
ping.asp CGI Arbitrary Command Execution
The 'ping.asp' CGI is installed. Some versions allow an attacker to launch a ping flood against the targeted machine or another by entering '127.0.0.1 -l 65000 -t' in the Address...
AI Score: 7.2
YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!
CMailServer 3.30 uses sprintf() without any previous bounds checking while testing for the presence of the passed USER argument's home directory within 'mail'. sprintf(%s\mail\%s, CMail path ptr, USER arg ptr) you know how the story goes, we can...
AI Score: -0.3
Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure
Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or...
AI Score: 6.4 | EPSS: 0.946
Youngzsoft CMailServer 3.304.0 - Remote Buffer Overflow (1)
Youngzsoft CMailServer 3.304.0 - Remote Buffer Overflow...
AI Score: 0.6
Advisory CA-2002-11 Heap Overflow in Cachefs Daemon (cachefsd)
CERT Advisory CA-2002-11 Heap Overflow in Cachefs Daemon (cachefsd) Original release date: May 06, 2002 Last revised: Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected * Sun Solaris 2.5.1, 2.6, 7, and 8...
AI Score: 0.1 | EPSS: 0.029
Overview: Sun's NFS/RPC cachefs daemon (cachefsd) is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 (SPARC and Intel architectures). Cachefsd caches requests for operations on remote file systems mounted via the NFS protocol. A remotely exploitable heap overflow...
AI Score: 0.3 | EPSS: 0.194
Solaris rpc.rwalld Remote Format String Arbitrary Code Execution
The rpc.rwalld RPC service is running. Some versions of this server allow an attacker to gain root access remotely, by consuming the resources of the remote host and then sending a specially formed packet with format strings to this host. Solaris 2.5.1, 2.6, 7, 8 and 9 are vulnerable to this issue....
AI Score: 0.4 | EPSS: 0.827
CGIscript.net - csMailto.cgi - Remote Command Execution
CGIscript.net - csMailto.cgi - Remote Command Execution Name : CGIscript.net - csMailto.cgi - Remote Command Execution Date : April 23, 2002 Product : csMailto Vuln Type : Access Validation Error Severity : HIGH RISK Vendor : WWW.CGIscript.NET, LLC. Homepage :...
AI Score: -0.1
I have recently realized a security issue in some of the restricted shells on *NIX systems. I am not sure if I am the first one to discover the problem I am going to discuss, but I am sure that it has not been posted yet, at least not that I know of. Basically this is the issue: Affected Systems:...
AI Score: 0.3
Apache on Windows < 1.3.24 / 2.0.x < 2.0.34 DOS Batch File Arbitrary Command Execution
Apache for Win32 prior to 1.3.24 and 2.0.x prior to 2.0.34-beta is shipped with a default script, '/cgi-bin/test-cgi.bat', that allows an attacker to remotely execute arbitrary commands on the host subject to the permissions of the affected application. An attacker can send a pipe character '|'...
AI Score: 1 | EPSS: 0.108
Microsoft IIS Multiple Vulnerabilities (MS02-018)
This IIS server appears to be vulnerable to one of the cross-site scripting attacks described in MS02-018. The default '404' file returned by IIS uses scripting to output a link to the top-level domain part of the URL requested. By crafting a particular URL, it is possible to insert arbitrary...
AI Score: 6.6 | EPSS: 0.943
Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic
Overview: The default configuration of the IP Masquerade feature of certain Linux 2.2 kernels may allow unsolicited inbound UDP packets to traverse a NAT gateway and reach a translated network. Description: As defined in RFC 1631, Network Address Translation (NAT) provides a means to translate a...
AI Score: -0.2 | EPSS: 0.003
EFTP Multiple Command Traversal Arbitrary Directory Listing
The version of EFTP installed on the remote host can be used to determine if a given file exists on the remote host or not, by adding dot-dot-slashes in front of them. For instance, it is possible to determine the presence of '\autoexec.bat' by using the command SIZE or MDTM with the argument...
AI Score: 0.5 | EPSS: 0.043
csSearch csSearch.cgi setup Parameter Arbitrary Command Execution
The version of csSearch running on the remote host has a command execution vulnerability. Input to the 'print' parameter of 'csSearch.cgi' is not properly sanitized. A remote attacker could exploit this by executing arbitrary system commands with the privileges of the web...
AI Score: 1.2 | EPSS: 0.026
There are common methods that allow bypassing almost any content filtering software (antiviral products, CVP firewalls, mail attachment filters, etc). I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. Encoded...
AI Score: -0.5
Centrinity First Class Internet Services 5.50 allows the default 'spam' filters to be circumvented via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local...
AI Score: 7 | EPSS: 0.004
MS02-006: Malformed SNMP Management Request Remote Overflow (314147)
A buffer overrun is present in the SNMP service on the remote host. By sending a malformed management request, an attacker could cause a denial of service and possibly cause code to run on the system in the LocalSystem...
AI Score: 0.3 | EPSS: 0.949
Microsoft Security Bulletin MS02-005
Title: 11 February 2002 Cumulative Patch for Internet Explorer Date: 11 February 2002 Software: Internet Explorer Impact: Run Code of Attacker's Choice Max Risk: Critical Bulletin: MS02-005 Microsoft encourages customers to review the Security Bulletin at: ...
AI Score: 0.2
MS01-059: Unchecked Buffer in Universal Plug and Play can Lead to System Compromise (315000)
Using a specially crafted NOTIFY directive, a remote attacker can cause code to run in the context of the Universal Plug and Play (UPnP) subsystem or possibly launch a denial of service attack against the affected host. Note that, under Windows XP, the UPnP subsystem operates with SYSTEM...
AI Score: 0.9 | EPSS: 0.972
Cgisecurity Paper #4: Header Based Exploitation: Web Statistical Software Threats
Hello, Below is a paper I wrote on some threats that web statistical software faces with regard to header manipulation. I've decided to include 1 product affected by this to show that this is very possible. Product: w3perl Vendor: http://www.w3perl.com Patch: http://www.w3perl.com/download/...
AI Score: 0.2
PIX 'established' and 'conduit' command may have unexpected interactions
Overview: A somewhat common configuration of Cisco PIX firewalls may permit a window of opportunity in which an intruder can bypass the firewall. This problem was first publicly described in July, 1998. Description: Cisco PIX firewalls protecting servers which offer service to the internet-at-large.....
[RHSA-2001:164-08] Updated secureweb packages available
Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated secureweb packages available Advisory ID: RHSA-2001:164-08 Issue date: 2001-12-05 Updated on: 2001-12-07 Product: Red Hat Secure Web Server Keywords: secureweb directory listing Cross...
AI Score: -0.4 | EPSS: 0.965
Title: Malformed Excel or PowerPoint Document Can Bypass Macro Security Date: 04 October 2001 Software: Microsoft Excel or PowerPoint for Windows or Macintosh Impact: Run Code Of Attacker's Choice Bulletin: MS01-050 Microsoft encourages customers to review the...
AI Score: 0.6
Nimda Worm Infected HTML File Detection
The remote web server appears to have been compromised by the Nimda mass mailing worm. It uses various known IIS vulnerabilities to compromise the server. Visitors to such a compromised web server may be prompted to download an .eml (Outlook Express) email file, which contains the worm as an...
AI Score: -0.4
Apache UserDir Directive Username Enumeration
When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home. For instance, by default, requesting /~root/ displays the HTML contents from /root/public_html/. If the username requested does not....
AI Score: 8.9 | EPSS: 0.036
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on...
AI Score: -0.1
SuSE Support Data Base sdbsearch.cgi Arbitrary Command Execution
SuSE CGI 'sdbsearch.cgi' is installed. This CGI allows a local (and possibly remote) user to execute arbitrary commands with the privileges of the HTTP...
AI Score: 7.1 | EPSS: 0.047
OmniHTTPd Encoded Space Request Script Source Disclosure
OmniHTTPd is affected by a vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' to a script's suffix, the web server will no longer interpret it and instead send it back as a simple document in the same manner as.....
AI Score: 6.2 | EPSS: 0.016
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
The CGI 'book.cgi' is installed. This CGI has a well-known security flaw that lets an attacker execute arbitrary commands with the privileges of the HTTP...
AI Score: 7.3 | EPSS: 0.208