zenTrack Remote Command Execution Vulnerabilities

Subject: zenTrack Remote Command Execution Vulnerabilities Author: farking [email protected] Product: zenTrack 2.4.1 latest and below Vendor: http://zendocs.phpzen.net/zentrack / http://sourceforge.net/projects/zentrack/ Status: Vendor contacted 27/05/2003 Location:...

Mod_gzip Debug Mode Vulnerabilities

Multiple Vulnerabilities in modgzip Debugging Routines I. Synopsis Affected Systems: modgzip 1.3.26.1a and prior Risk: Development: High Production: Minimal Developer URL: http://www.sourceforge.net/projects/mod-gzip Status: Vendor is not supporting project at this time. II. Product Description...

mod_gzip Debug Mode mod_gzip_printf Remote Format String

The remote host is running modgzip with debug symbols compiled in. The debug code includes vulnerabilities that can be exploited by an attacker to gain a shell on this host. C Tenable Network Security, Inc. Ref: From: "Matthew Murphy" To: "BugTraq" , Subject: Modgzip Debug Mode Vulnerabilities...

Mod_Gzip 1.3.x - Debug Mode

ModGzip 1.3.x - Debug Mode // source: https://www.securityfocus.com/bid/7769/info Modgzip is reported prone to a stack overflow, format string vulnerability and a file corruption issue due to a predictable naming scheme for log files. Exploitation of these issues could result in execution of...

Mod_Gzip 1.3.x - Debug Mode

// source: https://www.securityfocus.com/bid/7769/info Modgzip is reported prone to a stack overflow, format string vulnerability and a file corruption issue due to a predictable naming scheme for log files. Exploitation of these issues could result in execution of malicious instructions or...

CVE-2002-1484

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems port scan via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error...

Windows NT/2000/XP kernel buffer overflow

Stack based overflow during debug message processing...

CVE-2002-0856

SQLNET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service crash via certain debug requests that are not properly handled by the debugging feature...

CVE-2002-1484

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems port scan via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error...

WU-FTPD Debug Mode Client Hostname Remote Format String

The remote WU-FTPd server, according to its version number, is vulnerable to a format string attack when running in debug mode. C Tenable Network Security, Inc. Affected: wu-ftpd up to 2.6.1 include"compat.inc"; if description scriptid11331; scriptversion"1.25";...

CVE-2003-1078

The FTP client for Solaris 2.6, 7, and 8 with the debug -d flag enabled displays the user password on the screen during login...

PT-2002-2753 · Php · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 5.4 and earlier Description: The issue allows remote attackers to gain SQL query information by exploiting debugging features that are not properly restricted. This can be achieved by setting the sql debug parameter in...

DB4Web Server Debug Mode TCP Port Scanning Proxy

The DB4Web debug page allows anybody to scan other machines. This could allow a remote attacker to learn more about the internal network layout, which could be used to mount further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: From:[email protected] To:...

CVE-2002-0918

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...

DB4Web 3.43.6 - Connection Proxy

DB4Web 3.43.6 - Connection Proxy source: https://www.securityfocus.com/bid/5725/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. B...

CVE-2002-0856

SQLNET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service crash via certain debug requests that are not properly handled by the debugging feature...

CVE-2002-0918

The vulnerability CVE-2002-0918 affects CGIScript.net csPassword.cgi. The root cause is leakage of the server pathname via debug messages generated on script failure, which can be triggered through a remote attacker using a remove option in the command parameter to cause an error. Impact is expos...

EUVD-2002-0909

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...

Sendmail RestrictQueueRun Option Debug Mode Information Disclosure

According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue even if he is not allowed to access those information directly, by running sendmail -q -d0-nnnn.xxx where nnnn & xxx...

CVE-2001-1199

Agora CGI Cross Site Scripting (CVE-2001-1199) affects Agora versions 3.0a–4.0g due to improper input validation in the cart_id parameter when debug mode is on, enabling remote attackers to execute JavaScript in other clients. The vulnerability is documented in multiple sources (e.g., OpenVAS des...