297 matches found
CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies...
CVE-2002-1800
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password...
CVE-2002-1874
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect...
CVE-2002-1338
The Load method in the Chart component of Office Web Components OWC 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files...
TFTPD32 2.50 - Arbitrary File Download/Upload
source: https://www.securityfocus.com/bid/6198/info A vulnerability has been discovered in Tftpd32 which allows a remote attacker to download and upload arbitrary system files. The ability to upload system files may allow an attacker to replaced key system files with trojaned copies, used to open...
CVE-2002-1152
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing...
CVE-2002-0614
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...
CVE-2002-0067
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcpport 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions...
kebi-webmail_vul.txt
kebi-Webmail Solution vulnerability Tested by secret e-mail: [email protected] Summary : Get webmail server's admin competence by remote attack in kebi-Webmail Solution. Platform: Attacker platform : All Operating Systems + Web browser Target platform: All kebi Webmail solution loading server ke...
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite
source: https://www.securityfocus.com/bid/3091/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar WWW Server is bundled with a sample script'pagecount' which creates temporary files on the host. However, it is possible for a remote attacker to craft ...
Potential DOS Vulnerability in WFTPD
----- Begin Hush Signed Message from [email protected] ----- Potential DOS Vulnerability in WFTPD Overview WFTPD v3.00R5 is an ftp server available from http://www.wftpd.com and http://www.download.com. A potential denial-of-service vulnerability exists which allows a remote attacker to hang...
CVE-2001-0292
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id UID and calling user.php with the saveuser operator...
unsafe fgets() in qpopper
Topic: unix mailbox parsing trouble in qpopper Software affected: qpopper 3.0 fc2 and probably others Description: malicious user can remotely post message with spoofed or incorrect headers including "Received:" one and in some cases bypass virus checking. This can be used for sending trojans or ...
Immunix OS 6.2 - LC glibc format string
/ source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...
CVE-2000-0086
Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing...
ProFTPD 1.2.0pre4 mkdir Command Directory Name Handling Remote Overflow
It was possible to crash the remote FTP server by creating a large number of nested directories and then trying to upload a file. This issue is known to affect ProFTPD, although other FTP servers may be affected as well. It is likely that a remote attacker can leverage this issue to execute...
CVE-1999-0428
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls...