Microsoft IIS global.asa Remote Information Disclosure

This host is running the Microsoft IIS web server. This web server contains a configuration flaw that allows the retrieval of the global.asa file. This file may contain sensitive information such as database passwords, internal addresses, and web application configuration options. This...

OSX remote root

I have seen mention of nidump being used local to an OSX box to take root... I have found that with the use of "tags" it is also a remote root. I have not notified apple due to the fact that they did nothing about the original local exploit. Any machine with a "network" nidomain is vulnerable. It...

CVE-2001-0359

Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command...

CVE-2001-0359

The CVE-2001-0359 entry describes a format-string vulnerability in Sierra Half-Life (build 1573 and earlier) that allows a remote attacker to execute arbitrary code via the map command. Affected software is Sierra Half-Life prior to build 1573; vulnerable component/function is the map command’s h...

Web Server No 404 Error Code Check

The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page. Nessus has enabled some counter measures for this. However, they might be insufficient. If a...

CVE-2000-0256

Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability...

ADV-150400.txt

------- Legion2000 - Russian Security Team ADV-1504001 ------- www.legion2000.cc ---- INFORMATION ---- Program Name : CERN Image Map Dispatcher Discovered By : Narrow [email protected] --------------------- Problem Description CERN Image Map Dispatcher /cgi-bin/htimage.exe comes by default with...

Ошибки в CERN Image Map Dispatcher (Front Page)

Несколько неприятных ошибок в htimage.exe позволяют получить доступ к любому файлу. Переполнение буфера позволяет выполнить код на сервере...

Microsoft Security Bulletin (MS00-028)

Microsoft Security Bulletin MS00-028 - -------------------------------------- Procedure Available to Eliminate "Server-Side Image Map Components" Vulnerability Originally Posted: April 21, 2000 Summary ======= A procedure is available to eliminate a security vulnerability affecting several web...

CVE-2000-0256

Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability...

More vulnerabilities in FP

------- Legion2000 - Russian Security Team ADV-1504001 ------- www.legion2000.cc ---- INFORMATION ---- Program Name : CERN Image Map Dispatcher Discovered By : Narrow [email protected] --------------------- Problem Description CERN Image Map Dispatcher /cgi-bin/htimage.exe comes by default with...

FrontPage 98/Personal WebServer 1.0 / Personal Web Server 2.0 - 'htimage.exe' File Existence Disclosure

source: https://www.securityfocus.com/bid/1141/info htimage.exe can be used to determine if a specified path and filename exists on the target host or not. The specified path must be on the same logical drive as the web content. Any file can be specified as an image map in the URL. htimage.exe wi...

SGI IRIX 6.5.2 - nsd Information Gathering

SGI IRIX 6.5.2 - nsd Information Gathering / source: https://www.securityfocus.com/bid/412/info A vulnerability has been discovered in the nsd service, as included by SGI in Irix 6.5.x. The vulnerability allows remote users to access potentially sensitive pieces of information, including, but not...

Microsoft IIS 2.0/3.0 - Appended Dot Script Source Disclosure

source: https://www.securityfocus.com/bid/2074/info Microsoft Internet Information Server IIS is a popular web server, providing support for a variety of scripting languages, including ASP active server pages. IIS 2.0 and 3.0 suffer from an issue allowing a remote user to retrieve the source code...