Cold Fusion Administration Page Overflow DoS
A denial of service vulnerability exists within the Allaire ColdFusion web application server (version 4.5.1 and earlier) which allows an attacker to overwhelm the web server and deny legitimate web page requests. By downloading and altering the login HTML form, an attacker can send overly large...
6.3AI Score
0.023EPSS
Security Advisory: FreeBSD-SA-00:77.procfs
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:77 Security Advisory FreeBSD, Inc. Topic: Several...
0.4AI Score
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:77 Security Advisory FreeBSD, Inc. Topic: Several vulnerabilities in procfs [REVISED] Category: core Module: procfs Announced: 2000-12-18 Reissued: 2000-12-29 Affects:...
0.5AI Score
MailMan Webmail mmstdod.cgi Arbitrary Command Execution
The version of MailMan Webmail on the remote web server has an arbitrary command execution vulnerability. Input to the 'ALTERNATE_TEMPLATES' parameter of mmstdod.cgi is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the...
7.6AI Score
0.082EPSS
[SECURITY] New Debian ncurses packages released
Debian Security Advisory [email protected] http://www.debian.org/security/ Daniel Jacobowitz November 21, 2000 Package: ncurses Vulnerability: local privilege escalation Debian-specific: no Vulnerable: yes The version of the ncurses...
1.2AI Score
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access
The 'cgiforum.pl' CGI is installed. This CGI has a well known security flaw that could let a remote attacker read arbitrary files on the remote...
6.5AI Score
0.032EPSS
Linux Multiple statd Packages Remote Format String
The remote statd service could be brought down with a format string attack - it now needs to be restarted manually. This means that an attacker may execute arbitrary code thanks to a bug in this...
7.2AI Score
0.081EPSS
Distributed GL Daemon (DGLD) allows attackers to identify IRIX systems
Overview Attackers are using the presence of the dgld service to identify SGI IRIX systems. Description The CERT/CC has received multiple reports of an apparent vulnerability in the Distributed GL Daemon on SGI IRIX systems. Upon further investigation, it is our belief that no vulnerability exists....
1.7AI Score
0.003EPSS
ADK flaw in recent versions of PGP
Overview Additional Decryption Keys (ADKs) is a feature introduced into PGP (Pretty Good Privacy) versions 5.5.x through 6.5.3 that allows authorized extra decryption keys to be added to a user's public key certificate. However, an implementation flaw in PGP allows unsigned ADKs which have been...
-0.3AI Score
0.002EPSS
Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
It is possible to retrieve the listing of the remote directories accessible via HTTP, rather than their index.html, using the Index Server service which provides WebDav capabilities to this server. This problem allows an attacker to gain more knowledge about the remote host, and may make him aware....
6.8AI Score
0.038EPSS
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
The version of Extent RBS ISP installed on the remote host fails to sanitize input to the 'Image' parameter of the 'Newuser' script. An unauthenticated, remote attacker can leverage this to read arbitrary files on the affected host with the privileges of the web...
6.5AI Score
0.012EPSS
Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing
The 'search.dll' CGI that comes with Sambar server can be used to obtain a listing of the remote web server directories even if they have a default page, such as index.html. This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the...
6.5AI Score
0.015EPSS
MultiHTML multihtml.pl Traversal Arbitrary File Access
The 'multihtml.pl' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files on the remote host through the 'multi'...
6.6AI Score
0.012EPSS
Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution
The 'calendar_admin.pl' CGI is installed. This CGI has a well known security flaw that allows a remote attacker to execute commands with the privileges of the web...
7AI Score
0.022EPSS
Sun Java Web Server bboard Servlet Command Execution
The 'bboard' servlet is installed in /servlet/sunexamples.BBoardServlet. This servlet comes with default installations of Sun Java Web Server and has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web...
7.3AI Score
0.003EPSS
Apache WebDAV Module PROPFIND Arbitrary Directory Listing
The WebDAV module can be used to obtain a listing of the remote web server directories even if they have a default page such as index.html. This allows an attacker to gain valuable information about the directory structure of the remote host and could reveal the presence of files which are not...
6.5AI Score
0.015EPSS
Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way. This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or...
6.5AI Score
0.89EPSS
The remote host appears to be running Trinity v3, a Trojan Horse that can be used to control your system or make it attack another network (this is actually called a Distributed Denial Of Service attack tool). It is very likely that this host has been...
6.4AI Score
0.006EPSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CERT Advisory CA-2000-18 PGP May Encrypt Data With Unauthorized ADKs Original release date: August 24, 2000 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected * PGP versions 5.5.x through...
-0.4AI Score
Simple Web Counter swc ctr Parameter Remote Overflow
The CGI 'swc' (Simple Web Counter) is present and vulnerable to a buffer overflow when issued a too long value to the 'ctr=' argument. An attacker may use this flaw to gain a shell on this...
AI Score
htgrep hdr Parameter Arbitrary File access
The 'htgrep' cgi is installed. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the http daemon (usually root or...
6.6AI Score
0.005EPSS
Multiple Web Server ~nobody/ Request Arbitrary File Access
It is possible to access arbitrary files on the remote web server by appending ~nobody/ in front of their name (as in ~nobody/etc/passwd). This problem is due to a misconfiguration in the web server that sets 'UserDir' or its equivalent to...
-0.5AI Score
Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
The file /site/eg/source.asp is present on the remote Apache web server. This file comes with the Apache::ASP package and allows anyone to write to files in the same directory. An attacker may use this flaw to upload his own scripts and execute arbitrary commands on this...
7.4AI Score
0.008EPSS
Apache Tomcat contextAdmin Arbitrary File Access
The page /admin/contextAdmin/contextAdmin.html can be accessed. An attacker can exploit this to read arbitrary...
6.5AI Score
0.002EPSS
Apache Tomcat Snoop Servlet Remote Information Disclosure
The 'snoop' Tomcat servlet is installed. This servlet gives too much information about the remote host, such as the PATHs in use, the host kernel version, etc. A remote attacker can exploit this to gain more knowledge about the host, allowing an attacker to conduct further...
6.4AI Score
0.062EPSS
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
The version of MiniVend running on the remote host has an arbitrary command execution vulnerability. Input to the 'mv_arg' parameter of view_page.html is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the...
7.5AI Score
0.006EPSS
Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access
The remote ftp server contains a CGI script that provides and HTML interface. This CGI script contains a vulnerability that an attacker can use to get the listing of the content of arbitrary...
6.6AI Score
0.003EPSS
Poll It CGI data_dir Parameter Arbitrary File Access
'Poll_It_SSI_v2.0.cgi' is installed. This CGI has a well known security flaw that lets an attacker retrieve any file from the remote system, e.g....
6.4AI Score
0.038EPSS
Microsoft Windows Alerter Service Social Engineering Weakness
The alerter service is running. This service allows NT users to send pop-up messages to each other. This service can be abused by an attacker who can trick valid users into doing some actions that may harm their accounts or your network (social engineering...
6.3AI Score
0.015EPSS
Microsoft Windows Messenger Service Social Engineering Weakness
The messenger service is running. This service allows NT users to send pop-up messages to each other. This service can be abused by anyone who can trick valid users into doing some actions that may harm their accounts or your network (social engineering...
6.4AI Score
0.015EPSS
JRun viewsource.jsp Directory Traversal Arbitrary File Access
The version of JRun on the remote host has a directory traversal vulnerability in the 'source' parameter of viewsource.jsp. A remote attacker could exploit this to read arbitrary files. This could be used to read sensitive information, or information that could be used to mount further...
6.2AI Score
0.005EPSS
Potential vulnerability in Unify eWave ServletExec
Niclas Vikstrom <[email protected]> brought this to my attention. Unify eWave ServletExec <http://www.servletexec.com/> is a Java Server Pages (JSP) processing environment which runs on IIS (amongst a variety of other platforms and OS'). JSP is similar to ASP in that it allows se...
0.2AI Score
SessionWall-3 Paper + (links to) code
Dear All, The example code which compliments this paper can be found on http://www.phate.net/progs/sw3 Best regards, and enjoy. -cdx -- Design and Implementation Flaws in SessionWall-3 or "Using and Abusing SessionWall-3 with the power of...
-0.5AI Score
Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay
The Sambar web server is running and the 'mailit.pl' cgi is installed. This CGI takes a POST request from any host and sends a mail to a supplied...
-0.4AI Score
7.4AI Score
EPSS
S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow...
AI Score
7.4AI Score
EPSS
S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow...
0.1AI Score
7.4AI Score
EPSS
S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow...
0.2AI Score
This host seems to be running SubSeven on this port. SubSeven is a Trojan Horse which allows an intruder to take the control of the remote computer. An attacker may use it to steal your passwords, modify your data, and preventing you from working...
0.3AI Score
Gnapster Absolute Path Name Request Arbitrary File Access
An insecure Napster clone (e.g. Gnapster or Knapster) is running on the remote computer, which allows an intruder to read arbitrary files on this system, regardless of the shared status of the...
6.7AI Score
0.042EPSS
Cart32 Backdoor Password Arbitrary Command Execution
The Cart32 e-commerce shopping cart is installed. This software contains multiple security flaws. There is a backdoor password of 'wemilo' in cart32.exe. This backdoor allows a remote attacker to run arbitrary commands in the context of the web server, and access credit card information....
7AI Score
0.022EPSS
BizDB bizdb-search.cgi Arbitrary Command Execution
BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open() call and can therefore be made to execute commands at the privilege level of the web server. The variable is dbname, and if passed a...
6.9AI Score
0.014EPSS
Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability
Cisco IOS Software TELNET Option Handling Vulnerability Revision 1.0 For public release Thursday 2000/04/20 at 09:00 AM US/Eastern (UTC-0400). Summary A defect in multiple Cisco IOS software versions will cause a Cisco router to reload unexpectedly when the router is tested for security...
-0.1AI Score
Microsoft FrontPage dvwssr.dll Multiple Vulnerabilities
The version of Microsoft FrontPage running on the remote host has the following vulnerabilities in '/_vti_bin/_vti_aut/dvwssr.dll' : A security bypass vulnerability that allows anyone with web authoring permissions to alter other users' files. A remote buffer overflow vulnerability that...
7.6AI Score
0.015EPSS
Dansie Shopping Cart Backdoor Detection
The script /cart/cart.cgi is present. If this shopping cart system is the Dansie Shopping Cart, and if it is older than version 3.0.8 then it is very likely that it contains a backdoor that allows anyone to execute arbitrary commands on this...
7.2AI Score
0.015EPSS
Windmail.exe Shell Metacharacter Arbitrary Command Execution
The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote...
7.3AI Score
0.008EPSS
AI Score
Esafe Protect Gateway (CVP) does not scan virus under some conditions
Hi, After notification of the manufacturer here is the full report on a problem noted with Esafe Protect Gateway. SUMMARY The Esafe Protect Gateway (ESPG) does not scan some files in combination with FireWall-1 and CVP. DETAILS If you want the Esafe Protect Gateway to scan all content for the...
-0.3AI Score