2363 matches found
3R Soft MailStudio 2000 2.0 - Arbitrary File Access
3R Soft MailStudio 2000 2.0 - Arbitrary File Access source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string passed to a CGI,...
Gnapster Absolute Path Name Request Arbitrary File Access
An insecure Napster clone e.g. Gnapster or Knapster is running on the remote computer, which allows an intruder to read arbitrary files on this system, regardless of the shared status of the files. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10408; scriptversion...
MERCUR Mailserver Local Traversal Arbitrary File Access
According to its banner, the version of MERCUR Messaging running on the remote host has a directory traversal vulnerability. An authenticated, remote attacker could exploit this to read or write arbitrary files on the system. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...
TalentSoft Web+ Input Validation Bug Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sword & Shield Enterprise Security, Inc. - Security Advisory www.sses.net, Copyright c 2000 Advisory: TalentSoft Web+ Input Validation Bug Vulnerability Release Date: April 12, 2000 Application: webpsvr Severity: A remote user can access web server...
TalentSoft Web+ 4.x - Directory Traversal
TalentSoft Web+ 4.x - Directory Traversal source: https://www.securityfocus.com/bid/1102/info Web+ is an e-commerce server designed to run under a webserver, to provide web storefronts. The various scripts that are required to do this are specified to the webpsvr daemon via a 'script' variable...
TalentSoft Web+ 4.x - Directory Traversal
source: https://www.securityfocus.com/bid/1102/info Web+ is an e-commerce server designed to run under a webserver, to provide web storefronts. The various scripts that are required to do this are specified to the webpsvr daemon via a 'script' variable passed to the webplus CGI. This CGI can be...
Netscape PSCOErrPage.htm errPagePath Parameter Traversal Arbitrary File Access
The '/PSUser/PSCOErrPage.htm' CGI allows a malicious user to view any file on the target computer by issuing a GET request : GET /PSUser/PSCOErrPage.htm?errPagePath=/file/to/read %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
TalentSoft Web+ webplus CGI Traversal Arbitrary File Access
The 'webplus' CGI allows an attacker to view any file on the target computer by requesting : GET /cgi-bin/webplus?script=/../../../../etc/passwd %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10367; scriptversion"1.33"; scriptcveid"CVE-2000-0282"...
Stalker CommuniGate Pro 3.2.4 - Arbitrary File Read
source: https://www.securityfocus.com/bid/1493/info A vulnerability exists in the CommuniGate Pro product, from Stalker. It is possible to exploit this vulnerability to read arbitrary files on the filesystem. As CommuniGate Pro runs as root, any file can be accessed. Using this flaw, it is possib...
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
The 'sojourn.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10349;...
Microsoft IIS idq.dll Traversal Arbitrary File Access
There is a vulnerability in idq.dll which allows any remote user to read any file on the target system through the 'query.idq' parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10115; scriptversion"1.38";...
CVE-1999-0737
CVE-1999-0737 : The IIS/Site Server sample file viewcode.asp allows remote attackers to read arbitrary files, causing information disclosure. Affected component: the viewcode.asp file on Microsoft Internet Information Services (IIS) / Site Server. Root cause: the file exposes the server’s filesys...
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
It is possible to read the content of any files on the remote host such as your configuration files or other sensitive data by using the Altavista Intranet Search service, and performing the request: %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Home Free search.cgi Traversal Arbitrary File Access
The remote web server contains a CGI script that fails to sanitize user input to the 'letter' parameter of the 'search.cgi' script of directory traversal sequences. An unauthenticated attacker can exploit this issue to read arbitrary files from the affected host, subject to the privileges under...
CVE-2000-0044
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands...
Matt Wright FormHandler.cgi Arbitrary File Access
The 'FormHandler.cgi' CGI application installed on the remote host is affected by an information disclosure vulnerability that lets anyone read arbitrary files with the privileges of the web server. An unauthenticated, remote attacker can exploit this to disclose sensitive information, which coul...
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
The 'bigconf' CGI is installed. This CGI has a well-known security flaw that allows an attacker to execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
Web Server Directory Traversal Arbitrary File Access
It appears possible to read arbitrary files on the remote host outside the web server's document directory using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. Note that this plugin is not limit...
FTPGate Web Proxy Traversal Arbitrary File Access
It is possible to read arbitrary files on the remote server by prepending ../../ or ....\ in front of the file name. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10091; scriptversion "1.24"; scriptcvsdate"Date: 2018/08/10 18:07:08"; scriptnameenglish:"FTPGate Web...
CVE-1999-0466
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device...