2508 matches found
Perl Web Server 0.x - Directory Traversal
Perl Web Server 0.x - Directory Traversal source: https://www.securityfocus.com/bid/2648/info Perl Web Server, an experimental cross-platform web server project, does not prevent a remote user from requesting documents outside the ServerRoot location of the virtual / directory. This means that if...
Perl Web Server 0.x - Directory Traversal
source: https://www.securityfocus.com/bid/2648/info Perl Web Server, an experimental cross-platform web server project, does not prevent a remote user from requesting documents outside the ServerRoot location of the virtual / directory. This means that if an attacker knows the location of a...
RobTex Viking Server 1.0.7 - Relative Path Webroot Escaping
RobTex Viking Server 1.0.7 - Relative Path Webroot Escaping source: https://www.securityfocus.com/bid/2643/info The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems. A...
RobTex Viking Server 1.0.7 - Relative Path Webroot Escaping
source: https://www.securityfocus.com/bid/2643/info The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems. A problem in the software package could make it possible for...
Siemens Reliant UNIX 5.4 - ppd -T Race Condition
Siemens Reliant UNIX 5.4 - ppd -T Race Condition source: https://www.securityfocus.com/bid/2606/info Reliant Unix is a variant of the UNIX Operating System distributed by Fujitsu-Siemens. Reliant Unix is a scalable UNIX Operating system designed for use on Siemens servers. A problem in the...
Shareplex 2.1.3.92.2.2 Beta - Arbitrary Local File Disclosure
Shareplex 2.1.3.92.2.2 Beta - Arbitrary Local File Disclosure source: https://www.securityfocus.com/bid/2535/info Shareplex is a database replication tool from Quest Software. Versions of the product contain a vulnerability which can permit local unprivileged users to read arbitrary files. The...
elron im Anti-Virus 3.0.3 - Directory Traversal
elron im Anti-Virus 3.0.3 - Directory Traversal source: https://www.securityfocus.com/bid/2519/info Elron IM is a suite of tools providing internet filtering, virus protection, and other features. Certain non-current versions of products in the Internet Manager suite, including IM Anti-Virus, are...
MySQL 3.20.32 a3.23.34 - Root Operation Symbolic Link File Overwriting
MySQL 3.20.32 a3.23.34 - Root Operation Symbolic Link File Overwriting source: https://www.securityfocus.com/bid/2522/info MySQL is a relational database management system RDBMS, freely available and open source. It is maintained by MySQL AB. A problem with the implementation of some MySQL...
WhitSoft SlimServe ftpd 1.02.0 - Directory Traversal
WhitSoft SlimServe ftpd 1.02.0 - Directory Traversal source: https://www.securityfocus.com/bid/2452/info SlimServ FTPd is a free ftp server distributed and maintained by WhitSoft Development. SlimServe FTPd is designed to offer ftp services to the Microsoft Windows platform. A problem with the...
[MSY] S(ecure)Locate heap corruption vulnerability
--------------- MasterSecuritY www.mastersecurity.fr --------------- ------------ SecureLocate heap corruption vulnerability ------------ ---------- By Michel "MaXX" Kaempf [email protected] ---------- -- 0x00 - Table of contents ------------------------------------------ 0x01 - Overview 0x0...
BB4 Big Brother Network Monitor 1.5 d2 - bb-hist.sh?HISTFILE File Existence Disclosure
BB4 Big Brother Network Monitor 1.5 d2 - bb-hist.sh?HISTFILE File Existence Disclosure source : https://www.securityfocus.com/bid/1971/info Big Brother Network Monitor is a robust, feature rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account...
Markus Triska CGIForum 1.0 - 'thesection' Directory Traversal
source : https://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input to the "thesection" parameter. If an attacker supplies a...
iXsecurity.20001107.compaq-wbm.a
iXsecurity Security Vulnerability Report No: iXsecurity.20001107.compaq-wbm.a ==================================== Vulnerability Summary --------------------- Problem: The default installation of Compaq Web-Based Management on a Netware server reveals sensitive system files Threat: Anyone that ha...
StarOffice 5.2 Temporary Dir Vulnerability
Hi, A while back I noticed that StarOffice 5.2 running under Linux and Solaris creates a temporary directory under /tmp with the name "soffice.tmp" with permissions 0777. I figured there had to be some security issue here so I had a further look and noticed that there were files created under her...
extent technologies rbs isp 2.5 - Directory Traversal
source: https://www.securityfocus.com/bid/1704/info A remote user is capable of gaining read access to any file residing in the same directory of a host running Extent RBS ISP through directory traversal. Appending '../' to the 'image' variable request on port 8002 will enable a user to read any...
CVE-1999-0676
CVE-1999-0676 affects Solaris 2.6, where the sdtcm_convert component allows a local user to overwrite sensitive files via a symlink attack. The vulnerability arises from a symlink handling weakness in sdtcm_convert, enabling a local attacker to target files the process should not write to. The co...
Sun StarOffice 5.1 - Arbitrary File Read
Sun StarOffice 5.1 - Arbitrary File Read source: https://www.securityfocus.com/bid/1040/info StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it se...
ultimatebb.txt
Hello. Writing cgi scripts in perl is simple. It's also rather safe, providing authors follow very simple instructions. But they don't. Browsing some site, I found that their forums were based not on home- made scripts, but rather commercial software product. Hey, said I to myself, remember those...
CVE-2000-0069
The recover program in Solstice Backup allows local users to restore sensitive files...
Matt Wright - FormHandler.cgi 2.0 Reply Attachment
Matt Wright - FormHandler.cgi 2.0 Reply Attachment source: https://www.securityfocus.com/bid/799/info Any file that the FormHandler.cgi has read access to the cgi is typically run as user 'nobody' on Unix systems can be specified as an attachment in a reply email. This could allow an attacker to...