
2158 matches found

NVD
added 2003/12/31 5:0 a.m. | 22 views

CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

CVSS 7.6 | AI score 9.5 | EPSS 0.05573
Exploits 0 | References 6
OSV
added 2003/12/31 5:0 a.m. | 2 views

DEBIAN-CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

CVSS 7.6 | AI score 8.3 | EPSS 0.05573
Exploits 0 | References 1
exploitpack
added 2003/06/04 12:0 a.m. | 12 views

Xpressions Interactive - Multiple SQL Injections

Xpressions Interactive - Multiple SQL Injections source: https://www.securityfocus.com/bid/7804/info Several software products maintained by Xpressions Interactive are prone to SQL injection attacks. The vulnerability exists in the login.asp page. Specifically, user-supplied input is not...

AI score 0.2
Exploits 0
Tenable Nessus
added 2003/06/04 12:0 a.m. | 21 views

Xpressions Interactive Multiple Products login.asp SQL Injection

The remote host appears to be running a software suite truConnect, FlowerLink, eVision, or Website Integration from Xpressions Software. The software in question has multiple SQL injection vulnerabilities that could allow an attacker to gain administrative access. This could lead to the exposure ...

AI score 5.8
Exploits 0 | References 1
securityvulns
added 2003/04/17 12:0 a.m. | 47 views

Microsoft Security Bulletin MS03-013: Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)

Title: Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges 811493 Date: 16 April 2003 Software: Microsoft Windows NT 4.0, Windows 2000, and Windows XP Impact...

AI score 0.5
Exploits 0
CVE
added 2003/04/02 5:0 a.m. | 45 views

CVE-2002-0542

Technical details about CVE-2002-0542 are not publicly provided in the supplied documents. Monitor for updates from CVE lists and vendor advisories.

CVSS 7.2 | AI score 7 | EPSS 0.01532
Exploits 1 | References 6 | Affected Software 1
exploitpack
added 2003/03/07 12:0 a.m. | 13 views

Wordit Logbook 098b3 - Logbook.pl Remote Command Execution

Wordit Logbook 098b3 - Logbook.pl Remote Command Execution source: https://www.securityfocus.com/bid/7043/info A remote command execution vulnerability has been discovered in the Wordit Logbook application. This issue occurs due to insufficient sanitization of externally supplied data to the...

AI score 7.7
Exploits 0
Tenable Nessus
added 2002/11/25 12:0 a.m. | 37 views

SSH Secure Shell without PTY setsid() Function Privilege Escalation

According to its banner, the version of SSH Secure Shell running on the remote host is between 2.0.13 and 3.2.1. There is a bug in such versions that may allow a non-interactive shell session, such as used in scripts, to obtain higher privileges due to a flaw in the way setsid is used. C Tenable...

CVSS 7.2 | AI score 5.5 | EPSS 0.00446
Exploits 0 | References 2
Cvelist
added 2002/03/09 5:0 a.m. | 19 views

CVE-2001-0804

Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. dot dot attack on the "next" parameter...

AI score 6.6 | EPSS 0.03669
Exploits 1 | References 5
CVE
added 2002/03/09 5:0 a.m. | 72 views

CVE-2001-0804

CVE-2001-0804 affects Interactive Story prior to version 1.4, via a directory traversal in story.pl. The vulnerability allows remote attackers to read arbitrary server files by manipulating the next parameter (e.g., ..\ or ../../.. paths). Exploitation details from the Nessus plugin show requests...

CVSS 5 | AI score 6.6 | EPSS 0.03669
Exploits 1 | References 5 | Affected Software 1
NVD
added 2001/12/06 5:0 a.m. | 13 views

CVE-2001-0804

Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. dot dot attack on the "next" parameter...

CVSS 5 | AI score 6.6 | EPSS 0.03669
Exploits 1 | References 5
Tenable Nessus
added 2001/12/03 12:0 a.m. | 41 views

Interactive Story story.pl next Parameter Traversal Arbitrary File Access

By requesting : GET /cgi-bin/story.pl?next=../../../filetoread%00 An attacker may use this flaw to read arbitrary files on this server. %NASLMINLEVEL 70300 This script was written by Georges Dagousset See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title 1/13/2009 ...

CVSS 5 | AI score 5.6 | EPSS 0.03669
Exploits 1 | References 1
CERT
added 2001/09/28 12:0 a.m. | 19 views

Weaknesses in the SSH protocol simplify brute-force attacks against passwords typed in an existing SSH session

Overview There is a vulnerability in the SSH protocol that can simplify brute force attacks against passwords typed within an existing SSH session. Description Researchers at the University of California at Berkeley have determined that by monitoring the delays between SSH packets transmitted...

AI score 7.2
Exploits 0 | References 7
Packet Storm
added 2001/07/18 12:0 a.m. | 39 views

QDAV-2001-7-3

Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...

AI score 7.4
Exploits 0
securityvulns
added 2001/07/16 12:0 a.m. | 25 views

Interactive Story File Disclosure Vulnerability

Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...

AI score 0.5
Exploits 0
securityvulns
added 2001/01/26 12:0 a.m. | 396 views

Security Bulletin (MS01-003)

Title: Patch Available for Winsock Mutex Vulnerability Date: 24 January 2001 Software: Microsoft Windows NT 4.0 and Windows NT 4.0 TSE Impact: Denial of Service Bulletin: MS01-003 Microsoft encourages customers to review the...

AI score 0.6
Exploits 0
Cvelist
added 2001/01/22 5:0 a.m. | 17 views

CVE-2000-0922

Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program shopper.cgi 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack on the newpage parameter...

AI score 6.7 | EPSS 0.03657
Exploits 0 | References 3
CVE
added 2001/01/22 5:0 a.m. | 51 views

CVE-2000-0922

CVE-2000-0922 affects Bytes Interactive Web Shopper shopper.cgi (2.0 and earlier). The vulnerability is a directory traversal via the newpage parameter (.. attack), enabling remote attackers to read arbitrary files on the web server. Multiple sources (NVD, CVE listings, Nessus/OpenVAS entries) co...

CVSS 5 | AI score 6.7 | EPSS 0.03657
Exploits 0 | References 3 | Affected Software 1
NVD
added 2000/12/19 5:0 a.m. | 12 views

CVE-2000-0922

Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program shopper.cgi 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack on the newpage parameter...

CVSS 5 | AI score 6.7 | EPSS 0.03657
Exploits 0 | References 3
securityvulns
added 2000/10/10 12:0 a.m. | 39 views

Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability

October 8, 2000 Security Advisory: Bytes Interactive's Web Shopper shopper.cgi Directory Traversal Vulnerability Affected Product/Versions: Bytes Interactive's Web Shopper shopper.cgi Version 1.0 Bytes Interactive's Web Shopper shopper.cgi Version 2.0 Affected Platforms: Unix Windows Overview: Th...

AI score 0.5
Exploits 0