Lucene search
+L

287 matches found

OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.24 views

Zope ZClass Permission Mapping Bug

The remote web server contains an application server that is prone to a privilege escalation flaw. Description : The remote web server uses a version of Zope which is older than version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass permission mappings for...

4.6CVSS0.1AI score0.0035EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.21 views

Mediahouse Statistics Web Server Multiple Vulnerabilities (2001)

Mediahouse Statistics web server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2001 Noam Rathaus SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

5CVSS6.6AI score0.06965EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.96 views

LiteServe URL Decoding DoS Vulnerability

The remote web server dies when an URL consisting of a long invalid string of % is sent. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.30 views

WebLibs File Disclosure Vulnerability (Dec 2004) - Active Check

WebLibs is prone to a file disclosure vulnerability. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.03124EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.11 views

Oracle Web Administration Server Detection

We detected the remote web server as an Oracle Administration web server. This web server enables attackers to configure your Oracle Database server if they gain access to a valid authentication username and password. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpt...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

thttpd ssi file retrieval

The remote HTTP server allows an attacker to read arbitrary files on the remote web server, by employing a weakness in an included ssi package, by prepending pathnames with %2e%2e/ hex-encoded ../ to the pathname. Example: GET /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd will return /etc/passwd...

7.5CVSS6.7AI score0.02022EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.27 views

AOLserver Default Password (HTTP)

The remote web server is running AOL web server AOLserver with the default username and password set. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.5CVSS9.4AI score0.0356EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2005/11/02 12:0 a.m.41 views

phpBB <= 2.0.17 Multiple Vulnerabilities

The remote host is running a version of phpBB that, if using PHP 5 with 'registerglobals' enabled, fails to properly deregister global variables as well as failing to initialize several variables in various scripts. An attacker may be able to exploit these issues to execute arbitrary code or to...

7.5CVSS5.8AI score0.02367EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2005/10/06 12:0 a.m.25 views

CubeCart < 3.0.4 Multiple Script XSS

The remote version of CubeCart contains several cross-site scripting vulnerabilities due to its failure to properly sanitize user-supplied input of certain variables to the 'index.php' and 'cart.php' scripts. %NASLMINLEVEL 70300 Josh Zlatin-Amishav This script is released under the GNU GPLv2...

4.3CVSS5.2AI score0.02235EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/09/19 12:0 a.m.17 views

Hosting Controller <= 6.1 Hotfix 2.3 Information Disclosure Vulnerabilities

According to its version number, the installation of Hosting Controller on the remote host may allow customers to use PHP scripts to gain access to files outside of their directory, including those belonging to other customers, resellers, or the system itself. %NASLMINLEVEL 70300 C Tenable Networ...

5CVSS5.5AI score0.01373EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/09/14 12:0 a.m.26 views

Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution

The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/09/08 12:0 a.m.39 views

PHP-Fusion < 6.00.108 BBCode Nested URL Tag XSS

According to its version number, the remote host is running a version of PHP-Fusion that reportedly does not sufficiently sanitize input passed in nested 'url' BBcode tags before using it in a post. An attacker may be able to exploit this flaw to cause arbitrary script and HTML code to be execute...

4.3CVSS5.9AI score0.01752EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/08/25 12:0 a.m.35 views

Netquery <= 3.11 nquser.php host Parameter Arbitrary Command Execution

The remote host is running Netquery, a suite of network information utilities written in PHP. The installed version of Netquery lets an attacker execute arbitrary commands within the context of the affected web server user id by passing them through the 'host' parameter of the 'nquser.php' script...

7.5CVSS5.6AI score0.01938EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/08/25 12:0 a.m.23 views

RunCMS <= 1.2 Multiple Vulnerabilities

The version of RunCMS installed on the remote host allows attackers to overwrite arbitrary variables by passing them via a POST method and may also suffer from several SQL injection vulnerabilities resulting in, for example, disclosure of the admin password hash. %NASLMINLEVEL 70300 C Tenable...

7.5CVSS6.1AI score0.02319EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2005/08/12 12:0 a.m.32 views

Gallery PostNuke Integration Access Validation Privilege Escalation

The remote host is running Gallery, a web-based photo album. According to its banner, the version of Gallery installed on the remote host is subject to an access validation issue when integrated with PostNuke, as is the case on the remote host. The issue means that any user with any level of admi...

4.6CVSS5.5AI score0.00379EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/08/07 12:0 a.m.33 views

Cyberstrong eShop Multiple Script ProductCode Parameter SQL Injection

The remote host is running Cyberstrong eShop, a shopping cart written in ASP. The remote version of this software contains several input validation flaws leading to SQL injection vulnerabilities. An attacker may exploit these flaws to affect database queries, possibly resulting in disclosure of...

10CVSS6AI score0.05855EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/06/23 12:0 a.m.27 views

Simple Machines Forum msg Parameter SQL Injection Vulnerability

The remote host is running Simple Machines Forum SMF, an open source web forum application written in PHP. The installed version of SMF on the remote host fails to properly sanitize input to the 'msg' parameter before using it in SQL queries. By exploiting this flaw, an attacker can affect databa...

5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/05/10 12:0 a.m.26 views

MyServer 0.8 Multiple Vulnerabilities

The remote host is running MyServer, an open source http server. This version is vulnerable to a directory listing flaw and cross-site scripting. An attacker can execute a cross-site scripting attack, or gain knowledge of certain system information of the server. %NASLMINLEVEL 70300 C Tenable...

5CVSS5.2AI score0.01549EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2005/04/26 12:0 a.m.25 views

IMP common-footer.inc Parent Frame Page Title XSS

According to its version, the remote installation of IMP fails to fully sanitize user-supplied input when setting the parent frame's page title by JavaScript in 'templates/common-footer.inc'. By leveraging this flaw, an attacker may be able to inject arbitrary HTML and script code into a user's...

4.3CVSS5.7AI score0.01228EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/04/22 12:0 a.m.28 views

DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)

The remote host is running DUPortal, a content management system written in ASP. The remote version of this software is vulnerable to several SQL injection vulnerabilities in files 'details.asp', 'search.asp', 'default.asp' , 'cat.asp' and more. With a specially crafted URL, an attacker can explo...

7.5CVSS5.6AI score0.03655EPSS
Exploits2References3
Rows per page
Query Builder