CVE-2002-0856

SQLNET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service crash via certain debug requests that are not properly handled by the debugging feature...

CVE-2002-0918

The vulnerability CVE-2002-0918 affects CGIScript.net csPassword.cgi. The root cause is leakage of the server pathname via debug messages generated on script failure, which can be triggered through a remote attacker using a remove option in the command parameter to cause an error. Impact is expos...

EUVD-2002-0909

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...

Sendmail RestrictQueueRun Option Debug Mode Information Disclosure

According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue even if he is not allowed to access those information directly, by running sendmail -q -d0-nnnn.xxx where nnnn & xxx...

CVE-2001-1199

Agora CGI Cross Site Scripting (CVE-2001-1199) affects Agora versions 3.0a–4.0g due to improper input validation in the cart_id parameter when debug mode is on, enabling remote attackers to execute JavaScript in other clients. The vulnerability is documented in multiple sources (e.g., OpenVAS des...

CVE-2001-1199

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cartid parameter...

Multiple Vulnerabilities in CISCO VoIP Phones

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Abstract - -------- The 7900 line of VoIP phones from Cisco contain remote-accessible code which can be exploited to cause a denial of service, and possibly leak information; the phones are also weak in ways that facilitate man-in-the-middle attacks...

Debploit: Microsoft Windows NT/2000 debug API privelege escalation

By connection to PLC port DbgSsApiPOrt it's possible to obtain handler for any process or thread for debugging...

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

CVE-2002-0215

Agora.cgi versions 3.2r through 4.0 in debug mode disclose the full pathname of the agora.cgi file when a non-existent .html file is requested, enabling remote disclosure of server file paths. This is an information disclosure vulnerability in the web application component. The affected component...

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

CVE-1999-1309

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug -d command line option...

CVE-1999-1309

The CVE-1999-1309 entry describes a local privilege escalation in Sendmail via a long value in the debug -d option, enabling root access on affected systems. According to connected sources, this affects Sendmail 8.x prior to 8.6.7 (long debug overflow). The underlying issue is a local overflow tr...

Agora.CGI 3/4 - Debug Mode Full Path Disclosure

source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stored in. This is possible by making ...

Agora.CGI 34 - Debug Mode Full Path Disclosure

Agora.CGI 34 - Debug Mode Full Path Disclosure source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi...

dnrd 2.10 dos

Program: dnrd Version: 2.10 Distro: n/a Problem: There are various problems with dnrd's dns request and reply functions, that cause it to crash. Reproduce: Using two consoles, I did the following Terminal one got: andrewg@blackhole /data/audit/dnrd-2.10/src$ gdb dnrd GNU gdb 5.0rh-5 Red Hat Linux...

PT-2001-2334 · Agora · Agora

Name of the Vulnerable Software and Affected Versions: Agora versions 3.0a through 4.0g Description: The issue allows remote attackers to execute Javascript on other clients via the cart id parameter in agora.cgi when debug mode is enabled. This occurs because of a cross-site scripting issue...

Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting

source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be...

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output...

WU-FTPD configured to use RFC 931 authentication running in debug mode contains format string vulnerability

Overview WU-FTPD contains a format string vulnerability that manifests when WU-FTPD is configured to use RFC 931 authentication and is run in debug mode. A crafted identd response could be used to execute arbitrary code on a vulnerable server. Description A format string vulnerability exists in t...