2293 matches found
WebDAV Detection
WebDAV is an industry standard extension to the HTTP specification. It adds a capability for authorized users to remotely add and manage the content of a web server. If you do not use this extension, you should disable it. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...
CVE-2002-1487
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service crash by sending the raw messages 1 206, 2 211, 3 213, 4 214, 5 215, 6 217, 7 218, 8 243, 9 302, 10 317, 11 324, 12 332, 13 333, 14 352, and 15 367...
smb2www Unspecified Arbitrary Remote Command Execution
The remote host is running smb2www - a SMB to WWW gateway. There is a flaw in the version of this CGI which allows anyone to execute arbitrary commands on this host by sending a malformed argument to smbshr.pl, one of the components of this solution. %NASLMINLEVEL 70300 C Tenable Network Security...
BSD ftpd Single Byte Buffer Overflow
The remote ftp daemon contains a flaw in the 'replydirname' function which allows an attacker to write a null byte beyond the boundaries of the local buffer. An attacker can exploit this to gain root access. C Tenable Network Security, Inc. This script was written by Xue Yong Zhi...
Wordit Logbook logbook.pl file Parameter Arbitrary File Access
The WordIt 'logbook.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets anyone read arbitrary files on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid1136...
Upload Lite upload.cgi Arbitrary File Upload
The Upload Lite upload.cgi CGI script is installed. This script has a well-known security flaw that lets anyone upload arbitrary files on the remote web server. Note that Nessus did not test whether uploads are possible, only that the script exists. %NASLMINLEVEL 70300 C Tenable Network Security,...
WebWho+ whois.pl time Parameter Arbitrary Command Execution
The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Invision Board 1.1.1 - ipchat.php Remote File Inclusion
Invision Board 1.1.1 - ipchat.php Remote File Inclusion source: https://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization...
Unreal Engine Multiple Remote Vulnerabilities
The Unreal Engine in use on the remote game server is vulnerable to various attacks that may allow an attacker to use it as a distributed denial of service source or to execute arbitrary code on this host. Note that Nessus appears to have disabled this service while testing for these flaws. C...
ftp_banner.txt
Banner Buffer Overflows found in Multible FTP Clients Discovered by Dennis Rand www.Infowarfare.dk ------------------------------------------------------------------------ SUMMARY A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large...
CVE-2002-0763
Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server...
MFC ISAPI Framework Buffer Overflow
Systems Affected: All ISAs written using MFC ISAPI framework Issue: User-input length values can result in a buffer overflow. Risk: Critical Scope: Remote Server Compromise The MFC ISAPI framework is widely used to build ISAs that run on a multitude of web servers. It has been discovered that the...
Multiple Vendor Embedded FTP Service Any Username Authentication Bypass
The FTP server running on the remote host can be accessed using a random username and password. Nessus has enabled some countermeasures to prevent other plugins from reporting vulnerabilities incorrectly because of this. This script was written by H D Moore include"compat.inc"; ifdescription...
Microsoft IIS 5.0 Form_JScript.asp XSS
The script /iissamples/sdk/asp/interaction/FormJScript.asp of FormVBScript.asp allows you to insert information into a form field and once submitted re-displays the page, printing the text you entered. This .asp doesn't perform any input validation. An attacker can exploit this flaw to execute...
CVE-2002-0231
Product/affected version: mIRC up to and including 5.91. Vulnerability: Buffer overflow in the nickname handling. Impact: Remote code execution on the client when a long nickname is processed by a remote server. Root cause: Overflow in nickname parsing leads to arbitrary code execution. Exploitat...
PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access
There is a vulnerability in the PHP Rocket Add-in for FrontPage that allows a remote attacker to view the contents of any arbitrary file to which the web user has access. This vulnerability exists because the PHP Rocket Add-in does not filter out ../ and is, therefore, susceptible to this directo...
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
By requesting : GET /cgi-bin/story.pl?next=../../../filetoread%00 An attacker may use this flaw to read arbitrary files on this server. %NASLMINLEVEL 70300 This script was written by Georges Dagousset See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title 1/13/2009 ...
ActivePerl 5.6.1 - perlIIS.dll Remote Buffer Overflow (1)
ActivePerl 5.6.1 - perlIIS.dll Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/3526/info ActivePerl is an implementation of the Perl scripting language for Microsoft Windows systems developed by Activestate. ActivePerl allows for high-performance integration with IIS using a...
Minor IE System Info Disclosure
I just stumbled across this the other day when i was playing... a remote server can poll a surfers computer and determin some applications they have installed by trying a load an image with the file:// protocol. if the file is found on disk the javascript onload event fires..if not the onerror...
Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution
The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server. %NASLMINLEVEL 70300 This script written by Matt Moore See the Nessus Scripts License for details Changes by Tenable...