SIGMA Lite & Lite + Security Vulnerabilities

Snapgear Lite+ DoS

Multiple scenarios for DoS...

Multiple vulnerabilities in SNMPv1 request handling

Overview Multiple vendor SNMPv1 GetRequest, GetNextRequest__, and SetRequest message handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages...

Multiple vulnerabilities in SNMPv1 trap handling

Overview Multiple vendor SNMPv1 _Trap _handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below....

php breaks safe mode

Laberatoire Contempt Date : 12/06/2001 Author : Joost Pol alias 'Nohican' ([email protected]) Impact : Minor in most cases. Subject : PHP safe_mode troubles. PHP Version 4.0.5 breaks safe-mode. 1.0 - Description of the problem An extra 5th parameter was added to the mail() command...

CVE-2001-0206

Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET...

CVE-2001-0206

Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET...

vBulletin allows arbitrary code execution

OVERVIEW vBulletin (http://www.vbulletin.com) is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval() function. This could be...

CVE-2001-0206

Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET...

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a...

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a...

Vulnerability in Soft Lite ServerWorx

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in Soft Lite ServerWorx Overview Soft Lite ServerWorx v3.00 is a web server available from http://www.zdnet.com and http://www.softlite.net. A vulnerability exists which allows a remote user to break out of the web...

soft lite serverworx 3.0 - Directory Traversal

soft lite serverworx 3.0 - Directory...

soft lite serverworx 3.0 - Directory Traversal

...

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a...

Дырка в Subscribe Me

Любой желающий может удалить адрес из списка...

Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.

note : This is not apparent in the commercial versions, (tested on three different versions ) the author was notified and appropriate changes have since been made. product page - http://www.cgiscriptcenter.com/subscribe/index2.html vendor notice - Security Advisory: Users of Subscribe Me Lite 1.0.....

Дырки в почтовых программах под Windows

Дырки во многих программаз работающих через коммандную строку используемых на...

XATO Advisory: Win32 Command-Line Mailers

Xato Network Security, Inc. www.xato.net Security Advisory XATO-122000-01 December 12, 2000 - MULTIPLE VENDOR COMMAND-LINE MAILER HOLES - SMTP Command-Line Mailers on Win32 Web Servers Systems...

CVE-2000-0688

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd...

CVE-2000-0689

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd...

CVE-2000-0689

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd...

CVE-2000-0688

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd...

auction.weaver.txt

...

CVE-2000-0689

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd...

CVE-2000-0688

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd...

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

...

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

CGI Script Center Auction Weaver 1.0.2 - Remote Command...

Auction WeaverT LITE 1.0

Hi, I don't know if this has been reported before. Auction Weaver allow you to read files from server. Remote users can view source of files on server. http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=c at17&fromfile=967251278%2Edat...

Subscribe Me Vulnerability

Product: Subscribe Me Versions: ALL version numbers LITE only OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: Yet again the script allows a remote user to overwrite the Admin Passwd file with any password they see fit. Therefore giving them Admin access to the...

Account Manager CGI Vulnerability

Product: Account Manager Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password...

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration...

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (2)

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration...

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (1)

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration...

CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)

...

CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (1)

...

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (2)

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration...

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (2)

...

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)

...

QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field

QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form...

QuickCommerce 2.5/3.0 / Cart32 2.5 a/3.0 / Shop Express 1.0 / StoreCreator 3.0 Web Shopping Cart - Hidden Form Field

...

FreeBSD_DoS.txt

...

FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service

...

FreeBSD 3.03.13.2 - vfs_cache Denial of Service

FreeBSD 3.03.13.2 - vfs_cache Denial of...

Webcart Default Install Configuration Disclosure

At least one of these file or directories is world readable : /webcart/orders/ /webcart/orders/import.txt /webcart/carts/ /webcart/config/ /webcart/config/clients.txt /webcart-lite/orders/import.txt /webcart-lite/config/clients.txt This misconfiguration may allow an attacker to gather the...

Hughes Technologies Mini SQL (mSQL) 2.02.0.10 - Information Disclosure

Hughes Technologies Mini SQL (mSQL) 2.02.0.10 - Information...

Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure

...

hotmail.browser.trust.txt

...

FreeBSD-SA-96:16.rdist

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-96:16 Security Advisory Revised: Fri Jul 12 09:32:53 PDT 1996 FreeBSD, Inc. Topic: security vulnerability in rdist Category: core Module: rdist Announced: 1996-07-12 Affects:....

FreeBSD-SA-96:10.mount_union

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-96:10 Security Advisory Revised: Wed May 22 00:20:23 PDT 1996 FreeBSD, Inc. Topic: system stability compromise via mount_union program Category: core Module: unionfs...

CVE-2024-35312

In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka...