MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

MailMan Webmail mmstdod.cgi Arbitrary Command Execution

The version of MailMan Webmail on the remote web server has an arbitrary command execution vulnerability. Input to the 'ALTERNATE_TEMPLATES' parameter of mmstdod.cgi is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the...

[SECURITY] New Debian ncurses packages released

Debian Security Advisory [email protected] http://www.debian.org/security/ Daniel Jacobowitz November 21, 2000 Package: ncurses Vulnerability: local privilege escalation Debian-specific: no Vulnerable: yes The version of the ncurses...

CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access

The 'cgiforum.pl' CGI is installed. This CGI has a well known security flaw that could let a remote attacker read arbitrary files on the remote...

Linux Multiple statd Packages Remote Format String

The remote statd service could be brought down with a format string attack - it now needs to be restarted manually. This means that an attacker may execute arbitrary code thanks to a bug in this...

Distributed GL Daemon (DGLD) allows attackers to identify IRIX systems

Overview Attackers are using the presence of the dgld service to identify SGI IRIX systems. Description The CERT/CC has received multiple reports of an apparent vulnerability in the Distributed GL Daemon on SGI IRIX systems. Upon further investigation, it is our belief that no vulnerability exists....

ADK flaw in recent versions of PGP

Overview Additional Decryption Keys (ADKs) is a feature introduced into PGP (Pretty Good Privacy) versions 5.5.x through 6.5.3 that allows authorized extra decryption keys to be added to a user's public key certificate. However, an implementation flaw in PGP allows unsigned ADKs which have been...

Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing

It is possible to retrieve the listing of the remote directories accessible via HTTP, rather than their index.html, using the Index Server service which provides WebDav capabilities to this server. This problem allows an attacker to gain more knowledge about the remote host, and may make him aware....

Extent RBS Web Server Image Parameter Traversal Arbitrary File Access

The version of Extent RBS ISP installed on the remote host fails to sanitize input to the 'Image' parameter of the 'Newuser' script. An unauthenticated, remote attacker can leverage this to read arbitrary files on the affected host with the privileges of the web...

Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing

The 'search.dll' CGI that comes with Sambar server can be used to obtain a listing of the remote web server directories even if they have a default page, such as index.html. This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the...

MultiHTML multihtml.pl Traversal Arbitrary File Access

The 'multihtml.pl' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files on the remote host through the 'multi'...

Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution

The 'calendar_admin.pl' CGI is installed. This CGI has a well known security flaw that allows a remote attacker to execute commands with the privileges of the web...

Sun Java Web Server bboard Servlet Command Execution

The 'bboard' servlet is installed in /servlet/sunexamples.BBoardServlet. This servlet comes with default installations of Sun Java Web Server and has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web...

Apache WebDAV Module PROPFIND Arbitrary Directory Listing

The WebDAV module can be used to obtain a listing of the remote web server directories even if they have a default page such as index.html. This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files which are not...

Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure

The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way. This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or...

Trinity v3 Trojan Detection

The remote host appears to be running Trinity v3, a Trojan Horse that can be used to control your system or make it attack another network (this is actually called a Distributed Denial Of Service attack tool). It is very likely that this host has been...

Advisory CA-2000-18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-2000-18 PGP May Encrypt Data With Unauthorized ADKs Original release date: August 24, 2000 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected * PGP versions 5.5.x through...

Simple Web Counter swc ctr Parameter Remote Overflow

The CGI 'swc' (Simple Web Counter) is present and vulnerable to a buffer overflow when issued a too long value to the 'ctr=' argument. An attacker may use this flaw to gain a shell on this...

htgrep hdr Parameter Arbitrary File access

The 'htgrep' cgi is installed. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the http daemon (usually root or...

Multiple Web Server ~nobody/ Request Arbitrary File Access

It is possible to access arbitrary files on the remote web server by appending ~nobody/ in front of their name (as in ~nobody/etc/passwd). This problem is due to a misconfiguration in the web server that sets 'UserDir' or its equivalent to...

Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation

The file /site/eg/source.asp is present on the remote Apache web server. This file comes with the Apache::ASP package and allows anyone to write to files in the same directory. An attacker may use this flaw to upload his own scripts and execute arbitrary commands on this...

Apache Tomcat contextAdmin Arbitrary File Access

The page /admin/contextAdmin/contextAdmin.html can be accessed. An attacker can exploit this to read arbitrary...

Apache Tomcat Snoop Servlet Remote Information Disclosure

The 'snoop' Tomcat servlet is installed. This servlet gives too much information about the remote host, such as the PATHs in use, the host kernel version, etc. A remote attacker can exploit this to gain more knowledge about the host, allowing an attacker to conduct further...

MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution

The version of MiniVend running on the remote host has an arbitrary command execution vulnerability. Input to the 'mv_arg' parameter of view_page.html is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the...

Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access

The remote ftp server contains a CGI script that provides and HTML interface. This CGI script contains a vulnerability that an attacker can use to get the listing of the content of arbitrary...

Poll It CGI data_dir Parameter Arbitrary File Access

'Poll_It_SSI_v2.0.cgi' is installed. This CGI has a well known security flaw that lets an attacker retrieve any file from the remote system, e.g....

Microsoft Windows Alerter Service Social Engineering Weakness

The alerter service is running. This service allows NT users to send pop-up messages to each other. This service can be abused by an attacker who can trick valid users into doing some actions that may harm their accounts or your network (social engineering...

Microsoft Windows Messenger Service Social Engineering Weakness

The messenger service is running. This service allows NT users to send pop-up messages to each other. This service can be abused by anyone who can trick valid users into doing some actions that may harm their accounts or your network (social engineering...

JRun viewsource.jsp Directory Traversal Arbitrary File Access

The version of JRun on the remote host has a directory traversal vulnerability in the 'source' parameter of viewsource.jsp. A remote attacker could exploit this to read arbitrary files. This could be used to read sensitive information, or information that could be used to mount further...

Potential vulnerability in Unify eWave ServletExec

Niclas Vikstrom <[email protected]> brought this to my attention. Unify eWave ServletExec <http://www.servletexec.com/> is a Java Server Pages (JSP) processing environment which runs on IIS (amongst a variety of other platforms and OS'). JSP is similar to ASP in that it allows se...

SessionWall-3 Paper + (links to) code

Dear All, The example code which compliments this paper can be found on http://www.phate.net/progs/sw3 Best regards, and enjoy. -cdx -- Design and Implementation Flaws in SessionWall-3 or "Using and Abusing SessionWall-3 with the power of...

Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay

The Sambar web server is running and the 'mailit.pl' cgi is installed. This CGI takes a POST request from any host and sends a mail to a supplied...

S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (2)

...

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow (1)

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow...

S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (3)

...

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow (3)

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow...

S.u.S.E Linux 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Local Buffer Overflow (1)

...

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow (2)

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow...

SubSeven Trojan Detection

This host seems to be running SubSeven on this port. SubSeven is a Trojan Horse which allows an intruder to take the control of the remote computer. An attacker may use it to steal your passwords, modify your data, and preventing you from working...

Gnapster Absolute Path Name Request Arbitrary File Access

An insecure Napster clone (e.g. Gnapster or Knapster) is running on the remote computer, which allows an intruder to read arbitrary files on this system, regardless of the shared status of the...

Cart32 Backdoor Password Arbitrary Command Execution

The Cart32 e-commerce shopping cart is installed. This software contains multiple security flaws. There is a backdoor password of 'wemilo' in cart32.exe. This backdoor allows a remote attacker to run arbitrary commands in the context of the web server, and access credit card information....

BizDB bizdb-search.cgi Arbitrary Command Execution

BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open() call and can therefore be made to execute commands at the privilege level of the web server. The variable is dbname, and if passed a...

Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability

Cisco IOS Software TELNET Option Handling Vulnerability Revision 1.0 For public release Thursday 2000/04/20 at 09:00 AM US/Eastern (UTC-0400). Summary A defect in multiple Cisco IOS software versions will cause a Cisco router to reload unexpectedly when the router is tested for security...

Microsoft FrontPage dvwssr.dll Multiple Vulnerabilities

The version of Microsoft FrontPage running on the remote host has the following vulnerabilities in '/_vti_bin/_vti_aut/dvwssr.dll' : A security bypass vulnerability that allows anyone with web authoring permissions to alter other users' files. A remote buffer overflow vulnerability that...

Dansie Shopping Cart Backdoor Detection

The script /cart/cart.cgi is present. If this shopping cart system is the Dansie Shopping Cart, and if it is older than version 3.0.8 then it is very likely that it contains a backdoor that allows anyone to execute arbitrary commands on this...

Windmail.exe Shell Metacharacter Arbitrary Command Execution

The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote...

Fortres4-analysis.txt

...

Esafe Protect Gateway (CVP) does not scan virus under some conditions

Hi, After notification of the manufacturer here is the full report on a problem noted with Esafe Protect Gateway. SUMMARY The Esafe Protect Gateway (ESPG) does not scan some files in combination with FireWall-1 and CVP. DETAILS If you want the Esafe Protect Gateway to scan all content for the...

Microsoft IIS newdsn.exe Arbitrary File Creation

The CGI /scripts/tools/newdsn.exe is present. This CGI allows any attacker to create files anywhere on your system if your NTFS permissions are not tight enough, and can be used to overwrite DSNs of existing...

Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution

/scripts/tools/ctss.idc is present. Input to the 'table' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL commands. If xp_cmdshell is enabled, this could result in arbitrary command...

Microsoft IIS MDAC RDS (msadcs.dll) Arbitrary Remote Command Execution

The web server is probably susceptible to a common IIS vulnerability discovered by 'Rain Forest Puppy'. This vulnerability enables an attacker to execute arbitrary commands on the server with Administrator Privileges. *** Nessus solely relied on the presence of the file /msadc/msadcs.dll *** so...