366 matches found
BitDefender Update Server - Unauthorized Remote File Access Vulnerability
BitDefender Update Server - Unauthorized Remote File Access Vulnerability. Affected Products: BitDefender Security for Fileservers; BitDefender Enterprise Manager BDEM; All BitDefender Products, using their internal update server product...
BitDefender Products - Update Server HTTP Daemon Directory Traversal
BitDefender Products - Update Server HTTP Daemon Directory Traversal source: https://www.securityfocus.com/bid/27358/info BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an...
BitDefender Products - Update Server HTTP Daemon Directory Traversal
source: https://www.securityfocus.com/bid/27358/info BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access potentially sensitive information that could aid in...
Debian: Security Advisory (DSA-799-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an...
CVE-2007-6190
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an...
CVE-2007-6190
The CVE affects Cisco Unified IP Phone devices with Extension Mobility enabled. The HTTP daemon can be abused by remote authenticated users on other phones within the same CUCM domain to eavesdrop on the physical environment by triggering a CiscoIPPhoneExecute message that points to an RTP audio ...
CVE-2006-5233
Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script...
Busy box httpd file traversal vulnerability
A file traversal attack is possible in busybox's http daemon when you send a url encoded slash like this http://attacked-host//2e2e/2e2e/2e2e/2e2e/2e2e/etc/passwd I have tested with busy box 1.01 and I don't know if other versions are vulnerable...
TIBCO Rendezvous 7.4.11 - add router Remote Buffer Overflow
TIBCO Rendezvous 7.4.11 - add router Remote Buffer Overflow / Exploit: TIBCO RendezVous remote buffer overflow exploit for Win32 public version Affected products: Tibco RendezVous version =7.4.11 Multiple Vulnerabilities Author: Andres Tarasco Acuña atarasco @ sia.es Advisory: http://www.514.es...
CVE-2002-2154
CVE-2002-2154 describes a directory traversal vulnerability in the web server component Monkey HTTP Daemon 0.1.4. Remote attackers can read arbitrary files by using dot-dot sequences in the request path. The problem is documented across multiple feeds (NVD, Red Hat advisories, CVE listings) with ...
CVE-2002-2154
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences...
guestbook.cgi
The SPDX-FileCopyrightText: 1999 Mathieu Perrin Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10098";...
webspirs.cgi
The remote web server contains a CGI script that is prone to information disclosure. Description : The remote host is running WebSPIRS, SilverPlatter SPDX-FileCopyrightText: 2001 Laurent Kitzinger Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Cobalt RaQ2 cgiwrap
'cgiwrap SPDX-FileCopyrightText: 1999 Mathieu Perrin Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10041";...
nph-publish.cgi
The SPDX-FileCopyrightText: 1999 Mathieu Perrin Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10164";...
Hasbani-WindWeb 2.0 (GET Request) Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc ================================================================== Hasbani-WindWeb 2.0 GET Request Remote Denial of Service Exploit ================================================================== / . \ \ \ \ | | / | | | | \ / / /\ \ / \ | \ /...
CVE-2004-2496
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search...
CVE-2004-2496
OpenText FirstClass HTTP daemon (OpenText FirstClass 7.1 and 8.0) is vulnerable to a denial-of-service via a flood of POST requests to /Search. Root cause is an excessively resource-intensive handling of /Search POSTs, which can exhaust service availability. Impact is denial of service to the HTT...
Debian DSA-799-1 : webcalendar - remote code execution
A trivially-exploitable bug was discovered in webcalendar that allows an attacker to execute arbitrary code with the privileges of the HTTP daemon on a system running a vulnerable version. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...