287 matches found
OpenLink Web Configurator GET Request Remote Overflow
It is possible to crash the remote web server by sending overly long GET requests. An attacker may exploit this issue to crash the remote web server or execute arbitrary code on the remote system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10169;...
Microsoft FrontPage Extensions authors.pwd Information Disclosure
The remote web server appears to be running with Microsoft FrontPage extensions. The file 'authors.pwd', which contains the encrypted passwords of FrontPage authors, can by accessed by anyone. A remote attacker could decrypt these passwords, or possibly overwrite this file. C Tenable Network...
Glimpse HTTP aglimpse Arbitrary Command Execution
The remote web server is running GlipmseHTTP. The installed version suffers from a remote command execution vulnerability in the 'aglimpse' component. Note that we could not actually check for the presence of this vulnerability, and only checked for the existence of the 'aglimpse' CGI...
thttpd Double Slash Request Arbitrary File Access
The remote HTTP server allows an attacker to read arbitrary files on the remote host with the privileges of the web server, simply by adding a slash in front of its name. For instance, 'GET //etc/passwd' will return the contents of the remote file '/etc/passwd'. C Tenable Network Security, Inc...
Microsoft IIS perl.exe HTTP Path Disclosure
It was possible to obtain the physical location of a virtual web directory of this host by issuing a request for a non-existent file with an IISAPI-registered extension. An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks. %NASLMINLEVE...
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
The remote host appears to be using the CdomainFree 'whoisraw.cgi' script. This CGI script allows an attacker to view any file on the target computer, as well as to execute arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
WebGais webgais CGI Arbitrary Command Execution
The 'webgais' CGI is installed. This CGI may let an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10300;...