CVE-2000-1154
RHConsole in RobinHood 1.1 web server for BeOS r5 Pro and earlier is affected. Affected component: RHConsole/web server; vulnerability allows remote attackers to cause a denial of service via a long HTTP request. The description specifies DoS impact but provides no details on root cause, versions...
Disclosure of JSP source code with ServletExec AS v3.0c + web instance
Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...
Unify eWave ServletExec 3 - .JSP Source Disclosure
source : https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. ServletExec will return the source code of JSP files when a HTTP request is appended with one of...
Cisco Catalyst Web Interface Remote Command Execution
The remote device appears to be a Cisco Catalyst. It is possible to execute arbitrary commands on the router by requesting them via HTTP, as in : /exec/show/config/cr This command shows the configuration file, which contains passwords. A remote attacker could use this flaw to take control of the...
Microsoft IIS 4.0/5.0 - Executable File Parsing
Microsoft IIS 4.0/5.0 - Executable File Parsing source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a special...
CVE-2000-0775
Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers...
VIGILANTE-2000008.txt
NTMail Configuration Service DoS Advisory Code: VIGILANTE-2000008 Release Date: September 4, 2000 Systems Affected: - NTMail V5 Alpha Processor - NTMail V5 Intel Processor - NTMail V6 Alpha Processor - NTMail V6 Intel Processor THE PROBLEM The web configuration running on TCP port 8000 does not...
Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure
source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if II...
DoS against Real Server
Certain HTTP requests cause the server to stop functioning...
NTMail configuration utility acts as a proxy server
Even with the proxy (port 8080) disabled, the NTMail configuration utility (port 8000) acts as a proxy server, i.e. it forwards HTTP requests to other servers...
QuickCommerce 2.5/3.0 / Cart32 2.5 a/3.0 / Shop Express 1.0 / StoreCreator 3.0 Web Shopping Cart - Hidden Form Field
QuickCommerce 2.5/3.0 / Cart32 2.5 a/3.0 / Shop Express 1.0 / StoreCreator 3.0 Web Shopping Cart - Hidden Form Field E-Commerce Exchange QuickCommerce 2.5/3.0, McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0, Shop Express 1.0, StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source:...
CVE-1999-0437
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port...
iis4.htr.pl
Re: Retina vs. IIS4, Round 2, KO Ryan R Permeh [email protected] Tue, 15 Jun 1999 17:01:23 -0500 tested, this works for me... scripting was turned on... perl exploit code follows: !/usr/bin/perl props to the absu crew use Net::Telnet; for $i=2500;$inew Host = "$ARGV0",Port = 80; my $cmd = "GE...
brain.ini
General Title=HTTP Miner Commands 1=GET /%%$RPT65,40,10%%.%%extention%% HTTP/1.0 ;2=GET /%%cgi-bin%%/%%passwordpath%%/%%passwordfile%%.%%extention%% HTTP/1.0 Variables cgi-bin=cgi-bin,cgi,bin,cgibin,data,dat,exec,apps,secure,hide, extention=htr,html,htx,asp,exe,xml,ini,txt,dat,dbf,lst,data,...
ms-iis4-avoid-log.txt
Date: Fri, 22 Jan 1999 10:12:52 -0000 From: mnemonix To: [email protected] Subject: IIS 4 Request Logging Security Advisory There is a combination of problems with IIS 4 that allows a successful HTTP request to go unlogged. Microsoft's Internet Information Server 4 allows the use of any...
iis4.htr-2.pl
Re: Retina vs. IIS4, Round 2, KO Randal L. Schwartz [email protected] Tue, 15 Jun 1999 16:59:08 -0700 "Ryan" == Ryan R Permeh writes: Ryan !/usr/bin/perl Ryan props to the absu crew Ryan use Net::Telnet; Ryan for $i=2500;$i Ryan $obj=Net::Telnet-new Host = "$ARGV0",Port = 80; Ryan my $cmd =...
iCat Electronic Commerce Suite 3.0 - File Disclosure
iCat Electronic Commerce Suite 3.0 - File Disclosure source: https://www.securityfocus.com/bid/2126/info iCat Electronic Commerce Suite is an application which enables a user to create and manage web based catalogues. A remote user may retrieve known files on a target system running iCat Electron...
CVE-2023-26566
Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...