2293 matches found
DEBIAN-CVE-2003-0328
EPIC IRC Client EPIC4 pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service crash and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation...
Zeus Admin vs_diag.cgi XSS
The remote host is running the Zeus WebServer. There is a vulnerability in the CGI 'vsdiag.cgi' that may allow an attacker to gain administrative access on that server. To exploit this flaw, the attacker would need to lure the administrator of this server to click on a rogue link. %NASLMINLEVEL...
Synchrologic Email Accelerator aggregate.asp User Account Disclosure
The remote host seems to be running Synchrologic Email Accelerator Synchrologic is a product which allows remote PDA users to sync with email, calendar, etc. If this server is on an Internet segment as opposed to internal, you may wish to tighten the access to the aggregate.asp page. The server...
MantisBT Detection
MantisBT, an open source bug tracking application written in PHP and using a MySQL back-end, was detected on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11652; scriptversion"1.26"; scriptsetattributeattribute:"pluginmodificationdate",...
CVE-2003-0321
CVE-2003-0321 affects BitchX IRC client up to version 1.0-0c19 and earlier. The vulnerability stems from multiple buffer overflows in core parsing/handling paths (send_ctcp, cannot_join_channel, cluster, BX_compress_modes, handle_oper_vision, ban_it) when processing long hostnames, nicknames, or ...
CVE-2003-0322
Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service crash...
CVE-2003-0299
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors...
CVE-2003-0297
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service crash and possibly execute arbitrary code via certain large 1 literal and 2 mailbox size values that cause either integer signedness errors or integer overflow errors...
php-proxima autohtml.php Arbitrary File Retrieval
The remote host is running php-proxima, a website portal. There is a flaw in this version that allows an attacker to read arbitrary files on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From: "Mind Warper" To: [email protected] Date: Thu, 15 May 2003 01:43:40...
Horde test.php Direct Reqest Information Disclosure
The remote server is running Horde or a related project along with one or more test scripts. These scripts may leak server-side information that is valuable to an attacker. %NASLMINLEVEL 70300 This script was written by Sverre H. Huseby See the Nessus Scripts License for details Changes by Tenabl...
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution
The remote server is running IkonBoard, a forum management CGI. The installed version fails to properly sanitize the 'lang' cookie when it contains illegal characters. An attacker, exploiting this flaw, could execute arbitrary code on the remote host when the cookie is inserted into a Perl 'eval'...
OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
No description provided by source. !/bin/sh OpenSSH = 3.6.p1 - User Identification. Nicolas Couture - [email protected] Description: -Tells you wether or not a user exist on a distant server running OpenSSH. Usage: -You NEED to have the host's public key before executing this script...
OpenSSHPAM 3.6.1p1 - gossh.sh Remote Users Ident
OpenSSHPAM 3.6.1p1 - gossh.sh Remote Users Ident !/bin/sh OpenSSH " exit 1 Verify the arguments. $ != 2 && usage Variables. USER="$1" HOST="$2" =-=-=-=-=-=-=-=-=-=-=-=-= Expect script functions =-=-=-=-=-=-=-=-=-=-=-=-= Expect script for password. expasswd cat expasswd spawn $SSHCMD expect...
AN HTTPd count.pl Traversal Arbitrary File Overwrite (deprecated)
The remote web server is running a CGI called 'count.pl' which is affected by an directory traversal vulnerability. An attacker could exploit this in order to overwrite any existing file on the remote server, with the privileges of the httpd server. This plugin has been deprecated as it resulted ...
CVE-2002-1488
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service crash via a PART message with 1 a missing channel or 2 a channel that the Trillian user is not in...
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
The CGI 'ad.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
PostgreSQL < 7.2.3 Multiple Vulnerabilities
The remote PostgreSQL server, according to its version number, is vulnerable to various flaws which may allow an attacker who has the rights to query the remote database to obtain a shell on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Bugzilla Software Detection
The remote web server is hosting Bugzilla, a web application for bug tracking and managing software development. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11462; scriptversion"1.26"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/12";...
osCommerce 2.2ms1 Multiple Script XSS
osCommerce is a widely installed open source shopping e-commerce solution. An attacker may use it to perform a cross-site scripting attack on this host. %NASLMINLEVEL 70300 written by K-Otik.com osCommerce Cross Site Scripting Bugs Ref added by rd : Message-ID: From: Daniel Alcantara de la Hoz To...
CVE-2003-0140
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service crash and possibly execute arbitrary code via a crafted folder...