1893 matches found
BadBlue Malformed GET Request Remote DoS
By sending an invalid GET request without any URI, it iss possible to crash the remote web server. An attacker could exploit this vulnerability to make the web server crash continually. C Tenable Network Security, Inc. untested Script audit and contributions from Carmichael Security Erik Anderson...
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
The AlienForm CGI script allows an attacker to view any file on the target computer, append arbitrary data to an existing file, and write arbitrary data to a new file. The AlienForm CGI script is installed as either af.cgi or alienform.cgi. %NASLMINLEVEL 70300 This script was written by Andrew...
IBM TFTP Server for Java vulnerability
Vulnerability: The IBM alphaWorks TFTP Server for Java available at http://alphaworks.ibm.com/tech/TFTP is vulnerable to a standard directory traversal attack i.e. ../../. Vendor Response: The vendor was contacted on 19 June 2001 and responded on 20 June 2001 as follows: "We will take a look at t...
CHINANSL Security Advisory(CSA-200105)
Topic: Tomcat 3.0 for win2000 Directory traversal Vulnerability vulnerable: Tomcat 3.0 for win2000 maybe for other operating system also. discussion: A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 3.0 installed.The vulnerability allows remote attackers to acce...
Icecast utils.c fd_write Function Format String
The remote server claims to be running Icecast 1.3.7 or 1.3.8beta2. These versions are vulnerable to a format string attack that could allow an attacker to execute arbitrary commands on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10600; scriptversion...
Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error
Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Class: Unknown error Remotely Exploitable: Yes Locally Exploitable: Yes Risk: Medium Vendor status: Microsoft was notified on 7 December Vulnerability Description: MSTask.exe is an application that ships with the Windows NT 4...
CSA-200012.txt
CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Date£º Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ¡¡¡¡- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...
Security Advisory(CSA-200012)
CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Dateёє Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ЎЎЎЎ- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...
htgrep hdr Parameter Arbitrary File access
The 'htgrep' cgi is installed. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
bftelnet.dos.txt
Remote DoS Attack in BFTelnet Server v1.1 for Windows NT PROBLEM UssrLabs found a Remote DoS Attack in BFTelnet Server v1.1 for Windows NT, the buffer overflow is caused by a long user name 3090 characters. If BFTelnet Server is running as a service the service will exit and no messages are...
Glimpse HTTP aglimpse Arbitrary Command Execution
The remote web server is running GlipmseHTTP. The installed version suffers from a remote command execution vulnerability in the 'aglimpse' component. Note that we could not actually check for the presence of this vulnerability, and only checked for the existence of the 'aglimpse' CGI...
iParty Client Extended Character Handling Remote Overflow DoS
iParty is an audio/text chat program for Windows. The iParty server listens on port 6004 for client requests. If someone connects to it and sends a large amount of ASCII 255 chars, the server will close itself and disconnect all the current users. C Tenable Network Security, Inc...
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
The installed version of the 'icat' CGI allows a remote user to read arbitrary files on the remote target, because it fails to properly sanitize user-supplied input to the 'icatcommand' parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...