Agora.CGI 3/4 - Debug Mode Full Path Disclosure

source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stored in. This is possible by making ...

Agora.CGI 34 - Debug Mode Full Path Disclosure

Agora.CGI 34 - Debug Mode Full Path Disclosure source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi...

dnrd 2.10 dos

Program: dnrd Version: 2.10 Distro: n/a Problem: There are various problems with dnrd's dns request and reply functions, that cause it to crash. Reproduce: Using two consoles, I did the following Terminal one got: andrewg@blackhole /data/audit/dnrd-2.10/src$ gdb dnrd GNU gdb 5.0rh-5 Red Hat Linux...

PT-2001-2334 · Agora · Agora

Name of the Vulnerable Software and Affected Versions: Agora versions 3.0a through 4.0g Description: The issue allows remote attackers to execute Javascript on other clients via the cart id parameter in agora.cgi when debug mode is enabled. This occurs because of a cross-site scripting issue...

Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting

source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be...

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output...

WU-FTPD configured to use RFC 931 authentication running in debug mode contains format string vulnerability

Overview WU-FTPD contains a format string vulnerability that manifests when WU-FTPD is configured to use RFC 931 authentication and is run in debug mode. A crafted identd response could be used to execute arbitrary code on a vulnerable server. Description A format string vulnerability exists in t...

DoS против postfix (memory exhaustion)

Отладочная информация накапливается в памяти без ограничения...

ColdFusion Debug Mode Information Disclosure

It is possible to see the ColdFusion Debug Information by appending '?Mode=debug' at the end of the request. ColdFusion 4.5 and 5.0 are definitely concerned probably in addition older versions. The Debug Information usually contain sensitive data such as Template Path or Server Version...

CVE-2001-0715

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode...

CVE-2001-1462

WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information...

CVE-2001-0715

CVE-2001-0715 affects Sendmail up to version 8.12.0/8.12.x prior to 8.12.1. The flaw allows a local user to disclose sensitive information about the mail queue by enabling debug flags (-d) when RestrictQueueRun is not enabled. The OpenVAS/Nessus entries confirm the vulnerability is a local inform...

CVE-2001-0412

CVE-2001-0412 affects Cisco Content Services (CSS) switch products 11800 and earlier (Arrowpoint). The vulnerability allows a local user to gain privileges by entering debug mode, with a CVSSv2 base score of 7.2 (HIGH): local attack vector, low complexity, no authentication, andComplete impact on...

CVE-2001-0412

Cisco Content Services CSS switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode...

CVE-1999-1141

Ascom Timeplex router allows remote attackers to obtain sensitive information or conduct unauthorized activities by entering debug mode through a sequence of CTRL-D characters...

Ошибки в sendmail debug (signed/unsigned)

при использовании ключа -d используется знаковое число после присвоения ему беззнакового значения в качестве индекса массива, что позволяет адресовать отрицательное смещение...

CVE-2001-0412

Cisco Content Services CSS switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode...

Hewlett-Packard MPE/iX NM Debug does not always handle breakpoints correctly

Overview There is a problem in the NM Debug facility of MPE/iX that allows users to gain unauthorized privileges. Description The problem affects HP3000 systems running MPE/iX versions 5.5 through 6.5. HP has published a security bulletin describing the solution to this vulnerability...

Проблема с отладочными регистрами в Windows 2000 (debug registers privelege elevation)

Используя отладочные регистры DR0-DR7 можно "убить" привелегированный процесс и перехватить его именованные каналы, получив системные права...

Elevation of privileges with debug registers on Win2K

Georgi Guninski security advisory 45, 2001 Elevation of privileges with debug registers on Win2K Systems affected: Win2K, Win2K SP1 have not tested on Win2K SP2 but according to Microsoft SP2 fixes this Risk: High Date: 24 May 2001 Legal Notice: This Advisory is Copyright c 2001 Georgi Guninski...