Default configuration

Unspecified vulnerability in Advanced Webhost Billing System AWBS before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...

CVE-2007-4113

Unspecified vulnerability in Advanced Webhost Billing System AWBS before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...

CVE-2007-4113

Unspecified vulnerability in Advanced Webhost Billing System AWBS before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...

CVE-2007-4113

Summary: CVE-2007-4113 affects the Advanced Webhost Billing System (AWBS) prior to version 2.6.0. The vulnerability allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors. The provided documents do not specify the exact attack vector, ...

eSoft InstaGate EX2 UTM crossite forgery

It's possible to submit the form with configuration data...

VMware多个拒绝服务漏洞

VMWare是一款虚拟PC软件，允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare中存在多个拒绝服务漏洞，具体如下： 1 虚拟机进程（VMX）的ACPI实现在收集有关虚拟机运行状态信息时存在错误，可能导致进程读取无效的内存位置。 2 VMX储存某些畸形配置数据时的错误可能导致guest操作系统拒绝服务。 3 在Windows guest操作系统中处理通用保护错误（GPF）中的漏洞可能导致Windows虚拟机崩溃。 4 在64位主机系统上调试64位Windows guest操作系统中的应用程序时可能导致被破坏的栈指针或内核bugcheck。 VMWar...

VMSA-2007-0004 Multiple Denial-of-Service issues fixed

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2007-0004 Synopsis: Multiple Denial-of-Service issues fixed Issue date: 2007-05-04 Updated on: 2007-05-04 CVE numbers: CVE-2007-1069...

CVE-2007-1914

The RFCSTARTPROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information external RFC server configuration data via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague...

CVE-2007-1585

The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information passwords and configuration data via a packet to UDP port 916. NOTE: some of these details are obtained from third party...

Information disclosure

The admin web console implemented by the Centrality Communications aka Aredfox PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser session...

CVE-2006-3285

The internal database in Cisco Wireless Control System WCS for Linux and Windows before 3.251 uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data aka bugs CSCsd15955...

3COM OfficeConnect Wireless 11g AP wireless access point unauthorized access

It's possible to accesss configuration data including cleartext passwords without any authentication...

Oracle E-Business Suite multiple bugs

Buffer overflow in FNDWRR CGI. Unauthorized access to configuration data...

Web Server info.php / phpinfo.php Detection

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web...

CVE-2002-1810

D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information...

Linksys router vulnerability

SUMMARY: Linksys products running affected firmware versions are susceptible to a bug that allows unauthenticated access to the management interface. This bug affects both local and remote management if enabled. AFFECTED PRODUCTS per Linksys support: BEFSR41, BEFSR11, BEFSRU31: firmware versions...

multiple CGIscript.net scripts - Remote Code Execution

multiple CGIscript.net scripts - Remote Code Execution --------------------------------------------------------------------- Name : multiple CGIscript.net scripts - Remote Code Execution Date : April 8, 2002 Product : csGuestbook csLiveSupport csNewsPro csChatRBox Vuln Type : Access Validation...

CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)

CGIscript.net - csSearch.cgi - Remote Code Execution up to 17,000 sites vulnerable --------------------------------------------------------------------- Name : csSearch.cgi - Remote Code Execution Date : March 25, 2002 Product : csSearch Version : 2.3 vulnerable Vuln Type : Access Validation Erro...

CVE-2004-1776

Cisco IOS 12.13 and 12.13T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification DOCSIS standard...

rpc-everythingform.txt

Hi All, This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field 'config' to determine where to read configuration data from. --code snippit-- .. $ConfigFile = $inconfig; .. openCONFIG, "$configdir$ConfigFile" || &Error"I can't open $ConfigFile in the ReadConfig subroutine...