2293 matches found
phpList <= 2.6.3 Multiple Vulnerabilities
According to its banner, the version of phpList installed on the remote host is prone to arbitrary command execution as well as information disclosure vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
RaidenHTTPD < 1.1.34 Multiple Remote Vulnerabilities
The remote host is running RaidenHTTPD 1.1.33 or older. Ther are various flaws in the remote version of this server which may allow an attacker to disclose the source code of any PHP file hosted on the remote server, or to execute arbitrary code on the remote with the privileges of the remote...
CVE-2005-0158
Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses...
security flaw
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service crash via crafted responses...
Mailman Detection
The remote host is running Mailman, an open source, Python-based mailing list management package. This script was written by George A. Theall, . GPLv2 include"compat.inc"; if description scriptid16338; scriptversion"1.17"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...
PHP-Fusion Detection
The remote host is running PHP-Fusion, a light-weight, open source content management system written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid16335; scriptversion"1.18"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...
ngircd -- buffer overflow vulnerability
Florian Westphal discovered a buffer overflow in ngircd which can be used remotely crash the server and possibly execute arbitrary code...
ISC BIND < 9.3.1 Validator Self Checking Remote DoS
The remote BIND server, according to its version number, has a flaw in the way 'authvalidator' is implemented. Provided DNSSEC has been enabled in the remote name server, an attacker may be able to launch a denial of service attack against the remote service. C Tenable Network Security, Inc...
JAWS index.php gadget Parameter Traversal Arbitrary File Access
The remote web server is running JAWS, a content management system written in PHP. Input to the 'gadget' parameter of index.php is not properly sanitized. A remote attacker could exploit this to read potentially sensitive data from the system. This information could also be used to mount further...
UMN Gopherd Unauthorized FTP Proxy
The remote host is running a UMN Gopher server. It is possible to make the remote server connect to third party FTP sites by sending the request 'ftp://hostname.of.the.ftp.server'. An attacker may exploit this flaw to connect to use the remote gopher daemon as a proxy to connect to FTP servers...
POP Password Changer (poppassd_pam) Arbitrary User Remote Password Modification
The remote host is running POP Password Changer, a server to change POP user's passwords. According to the version number, the remote software is vulnerable to an unauthorized access. An attacker, exploiting this flaw, will be able to change user's password. C Tenable Network Security, Inc...
IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)
NGSSoftware Insight Security Research Advisory Name: IBM DB2 XML functions file creation vulnerabilities Systems Affected: DB2 8.1 Severity: High risk from remote Vendor URL: http://www.ibm.com/ Author: David Litchfield david at ngssoftware.com Relates to:...
MySQL Eventum index.php email Parameter XSS
The MySQL Eventum install hosted on the remote web server is vulnerable to a cross-site scripting attack because it fails to sanitize user-supplied input to the 'email' parameter of the 'index.php' script before using it to generate dynamic HTML output. With a specially crafted URL, an attacker c...
CVE-2004-2277
Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service crash and possibly execute arbitrary code via a long server response...
NFS Share User Mountable
Nessus was either able to mount some of the NFS shares exported by the remote server or disclose potentially sensitive information such as a directory listing. An attacker may exploit this issue to gain read and possibly write access to files on remote host. Note that root privileges were not...
WebLibs10.txt
Advisory: ========= Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0 Author: ======= John Bissell A.K.A. HighT1mes Vendor Homepage: ================ http://awsd.com/ Date: ===== 12, 07, 2004 Severity: ========= High Overview: ========= WebLibs is a pretty popular simple little Per...
KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution
KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application...
KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution
source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to utilizi...
SSL Certificate Expiry
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports whether any have already expired. TRUSTED...
Webman I-Mall i-mall.cgi Arbitrary Command Execution
The script i-mall.cgi is installed. Some versions of this script are vulnerable to remote command execution flaw, due to insufficient user input sanitization to the 'p' parameter of the i-mall.cgi script. A malicious user can pass arbitrary shell commands on the remote server through this script...