Lucene search
K

2293 matches found

Tenable Nessus
Tenable Nessus
added 2001/09/07 12:0 a.m.58 views

PhpMyExplorer index.php chemin Parameter Encoded Traversal Arbitrary File Access

phpMyExplorer is vulnerable to a directory traversal attack that allows anyone to make the remote web server read and display arbitrary directories. For example: GET /index.php?chemin=..%2F..%2F..%2F..%2F%2Fetc will return the contents of the remote /etc directory. %NASLMINLEVEL 70300 C Tenable...

5CVSS5.5AI score0.03448EPSS
Exploits1References1
NVD
NVD
added 2001/08/31 4:0 a.m.12 views

CVE-2001-1009

Fetchmail aka fetchmail-ssl before 5.8.17 allows a remote malicious 1 IMAP server or 2 POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request...

10CVSS6.9AI score0.06524EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2001/01/08 12:0 a.m.204 views

Metertek pagelog.cgi Traversal Arbitrary File Access

The 'pagelog.cgi' cgi is installed. This CGI has a well known security flaw that lets an attacker create arbitrary files on the remote server, ending in .txt, and reading arbitrary files ending in .txt or .log Warning : this flaw was not tested by Nessus. Check the existence of...

6.4CVSS5.8AI score0.04267EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2000/12/11 12:0 a.m.19 views

PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access

The PHPix program allows an attacker to read arbitrary files on the remote web server, prefixing the pathname of the file with ..%2F..%2F.. For example: GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 will return all the files that are nested within...

5CVSS5.6AI score0.08037EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2000/11/20 12:0 a.m.20 views

RealServer /admin/includes/ Remote Memory Content Disclosure

The remote Real Server discloses the content of its memory when issued the request : GET /admin/includes/ This information may be used by an attacker to obtain administrative control on this server, or to gain more knowledge about it. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script...

5CVSS5.6AI score0.07853EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2000/11/01 12:0 a.m.31 views

Verity UltraSeek 3.1.x Malformed URL Remote DoS

It is possible to make the remote UltraSeek server hang temporarily by requesting : /index.html?&col=&ht=0&qs=&qc=&pw=100%25&ws=0&nh=10&lk=1&rf=0&si=1&si=1&ql=../../../index An attacker may use this flaw to prevent this site from responding to valid client requests. %NASLMINLEVEL 70300 C Tenable...

5CVSS5.4AI score0.01657EPSS
Exploits0References1
securityvulns
securityvulns
added 2000/10/06 12:0 a.m.43 views

thttpd ssi: retrieval of arbitrary world-readable files

thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi [email protected] Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2000/09/30 12:0 a.m.40 views

OpenSSH 1.2 - '.scp' File Create/Overwrite

source: https://www.securityfocus.com/bid/1742/info A vulnerability exists in the 1.2.x releases of scp which, if properly exploited using a modified scp binary on the server end, can permit the remote server to spoof local pathnames and overwrite files belonging to the local user. For example,...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2000/07/22 12:0 a.m.90 views

WebSite Pro webfind.exe keywords Parameter Remote Overflow

The 'webfind.exe' CGI script on the remote host is vulnerable to a buffer overflow when given a too long 'keywords' argument. This problem allows an attacker to execute arbitrary code as root on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

10CVSS6.2AI score0.12749EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2000/06/27 12:0 a.m.46 views

Dragon Telnet Server Login Name Handling Remote Overflow DoS

It was possible to shut down the remote telnet server by issuing a far too long login name over 16,000 chars This problem allows an attacker to prevent remote administration of this host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10451; scriptversion"1.27";...

5CVSS5.5AI score0.04592EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2000/05/25 12:0 a.m.25 views

Rockliffe MailSite Management Agent wconsole.dll GET Request Overflow

The version of Rockliffe MailSite installed on the remote host is prone to a buffer overflow attack that can be triggered by a request like : GET /cgi-bin/wconsole.dll?AAAA....AAAA This may be of some use to an attacker to run arbitrary code on this system and/or crash it. C Tenable Network...

10CVSS6.4AI score0.03159EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2000/05/10 12:0 a.m.13 views

CVSweb Detection

CVSweb is a web interface for a CVS repository. It allows users to browse through the history of the source code of a given project. If your environement contains sensitive source code, then access to this CGI should be password-protected. C Tenable Network Security, Inc. include"compat.inc";...

5.5AI score
Exploits0
CVE
CVE
added 2000/03/22 5:0 a.m.47 views

CVE-2000-0156

Technical details (affected products, vulnerable components, and exploit information) are not provided in the supplied documents. Monitor for updates.

5.1CVSS7.2AI score0.12829EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2000/03/04 12:0 a.m.29 views

win98-con.txt

New exploit found by the securax crew on 3/3/error for: windoze 98 maybe 95 too... not for NT4 or win2K When we looked at the new exploit for ie that uses the image c:/con/con http://www.zoomnet.net/quick/error/crash.html we experimented a bit with that unexisting path. We found that any program ...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1999/12/22 12:0 a.m.10 views

Microsoft Internet Explorer 455.55.0.1 - external.NavigateAndFind() Cross-Frame

Microsoft Internet Explorer 455.55.0.1 - external.NavigateAndFind Cross-Frame Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 1999/11/29 12:0 a.m.31 views

symantec mail-gear 1.0 - Directory Traversal

source: https://www.securityfocus.com/bid/827/info Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including the string '../' in the URL, remote attacker...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 1999/11/27 12:0 a.m.227 views

WWWBoard passwd.txt Authentication Credential Disclosure

The remote host is running WWWBoard, a bulletin board system written by Matt Wright. This board system comes with a password file passwd.txt installed next to the file 'wwwboard.html'. An attacker may obtain the contents of this file and decode the password to modify the remote www board...

10CVSS5.5AI score0.08604EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 1999/11/24 12:0 a.m.48 views

MDaemon WebConfig HTTP Server URL Overflow DoS

It was possible to crash Webconfig which is used to configure MDaemon by sending the request : GET /aaaaa...aaa HTTP/1.0 This could allow a remote attacker to crash the web server, preventing the MDaemon server from being configured remotely. C Tenable Network Security, Inc. include"compat.inc";...

5CVSS5.5AI score0.05829EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 1999/11/05 12:0 a.m.145 views

FTPGate Web Proxy Traversal Arbitrary File Access

It is possible to read arbitrary files on the remote server by prepending ../../ or ....\ in front of the file name. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10091; scriptversion "1.24"; scriptcvsdate"Date: 2018/08/10 18:07:08"; scriptnameenglish:"FTPGate Web...

5.7AI score
Exploits0
CVE
CVE
added 1999/09/29 4:0 a.m.63 views

CVE-1999-0468

CVE-1999-0468: Internet Explorer 5.0 allows a remote server to read arbitrary files on the client’s file system via the Microsoft Scriptlet Component. Reported impact per CVSS suggests confidentiality loss (C:H) and overall HIGH severity (8.2) per CVSS v3.1, with network access and no user intera...

8.2CVSS7AI score0.03247EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder