869 matches found
Web Server info.php / phpinfo.php Detection
Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web...
CVE-2002-1810
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information...
Linksys router vulnerability
SUMMARY: Linksys products running affected firmware versions are susceptible to a bug that allows unauthenticated access to the management interface. This bug affects both local and remote management if enabled. AFFECTED PRODUCTS per Linksys support: BEFSR41, BEFSR11, BEFSRU31: firmware versions...
multiple CGIscript.net scripts - Remote Code Execution
multiple CGIscript.net scripts - Remote Code Execution --------------------------------------------------------------------- Name : multiple CGIscript.net scripts - Remote Code Execution Date : April 8, 2002 Product : csGuestbook csLiveSupport csNewsPro csChatRBox Vuln Type : Access Validation...
CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
CGIscript.net - csSearch.cgi - Remote Code Execution up to 17,000 sites vulnerable --------------------------------------------------------------------- Name : csSearch.cgi - Remote Code Execution Date : March 25, 2002 Product : csSearch Version : 2.3 vulnerable Vuln Type : Access Validation Erro...
CVE-2004-1776
Cisco IOS 12.13 and 12.13T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification DOCSIS standard...
rpc-everythingform.txt
Hi All, This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field 'config' to determine where to read configuration data from. --code snippit-- .. $ConfigFile = $inconfig; .. openCONFIG, "$configdir$ConfigFile" || &Error"I can't open $ConfigFile in the ReadConfig subroutine...
Insecure input validation in everythingform.cgi (remote command execution)
Hi All, This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field 'config' to determine where to read configuration data from. --code snippit-- .. $ConfigFile = $inconfig; .. openCONFIG, "$configdir$ConfigFile" || &Error"I can't open $ConfigFile in the ReadConfig subroutine...
Bypassing admin authentication in phpWebLog
Note: Although this software is still in beta stage, there are many websites using it, so i think it's a relevant issue. Author: Jason Hines Homepage: http://www.phpweblog.org | http://sourceforge.net/projects/phpweblog/ Version: 0.4.2 others? Problem: in common.inc.php, $CONF is not properly...