841 matches found
DEBIAN-CVE-2004-2632
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables...
MailPost discloses sensitive system information when operating in debug mode
Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment. Description According to the ProCheckUp report, MailPost contains a vulnerabilit...
GLSA-200406-05 : Apache: Buffer overflow in mod_ssl
The remote host is affected by the vulnerability described in GLSA-200406-05 (Apache: Buffer overflow in mod_ssl) A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a remote buffer overflow on a server configured to use FakeBasicAuth that will trust a client certificate with an...
Compulsive Media CNU5 - News.mdb Database Disclosure
Compulsive Media CNU5 - News.mdb Database Disclosure source: https://www.securityfocus.com/bid/11004/info CNU5 is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'news.mdb' and gain access to sensitive information including...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...
Zixforum - ZixForum.mdb Database Disclosure
Zixforum - ZixForum.mdb Database Disclosure source: https://www.securityfocus.com/bid/10982/info Zixforum is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'ZixForum.mdb' and gain access to sensitive information including...
Zixforum - ZixForum.mdb Database Disclosure
source: https://www.securityfocus.com/bid/10982/info Zixforum is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'ZixForum.mdb' and gain access to sensitive information including unencrypted authentication credentials. All...
PHP-Fusion Database Backup - Information Disclosure
PHP-Fusion Database Backup - Information Disclosure source: https://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from th...
PHP-Fusion Database Backup - Information Disclosure
source: https://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server. Authentication would not be required. A...
When faking a table with a specific name, an attacker can make phpMyAdmin execute arbitrary PHP code and add custom server configuration.
PMASA-2004-1 Announcement-ID: PMASA-2004-1 Date: 2004-06-29 Summary When faking a table with a specific name, an attacker can make phpMyAdmin execute arbitrary PHP code and add custom server configuration. Description phpMyAdmin used eval function to fill some values and one parameter used there w...
PW New Media Network Modular Site Management System 0.2.1 - Ver.asp Information Disclosure
PW New Media Network Modular Site Management System 0.2.1 - Ver.asp Information Disclosure source: https://www.securityfocus.com/bid/10208/info It has been reported that Modular Site Management System may be prone to an information disclosure issue that could allow an attacker to gain access to a...
PW New Media Network Modular Site Management System 0.2.1 - 'Ver.asp' Information Disclosure
source: https://www.securityfocus.com/bid/10208/info It has been reported that Modular Site Management System may be prone to an information disclosure issue that could allow an attacker to gain access to a server's configuration information. MSMS version 0.2.1 is reported to be affected by this...
MetaDot Portal Server 5.6.x - index.pl Multiple Cross-Site Scripting Vulnerabilities
MetaDot Portal Server 5.6.x - index.pl Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/9439/info A number of vulnerabilities have been found in all versions of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate...
CuteNews 1.3 - Debug Query Information Disclosure
source: https://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3 that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a...
Half Life dedicated server information leak
Dear [email protected], Probably is known, but is not documented: Vendor: Valve software Software: hlds, all versions including steam. Problem: Information leak, DoS Author: SYZoSND Problem: in server configuration, if allowdownload = 1, it's possible to download any file from directory o...
Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
-- Corsaire Security Advisory -- Title: PeopleSoft Gateway Administration servlet path disclosure issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030704-003 -- Scope -...
mod_gzip Detection
The remote host is running mod_gzip and is configured so that its status can be obtained by sending a special request. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11685); script_version("$Revision: 1.14 $"); script_cvs_date("$Date: 2013/01/25 01:19:08 $");...
W3Mail multiple bugs
delete.cgi invokes external program through system call without escaping shell characters. It's possible to change server configuration without administrator's permissions. All passwords are stored in Base64 encoding...
Snitz Forums 3.3.03 - Remote Command Execution
#!/usr/bin/perl use Socket; print "\nRemote command execution against Snitz Forums 3.3.03 and probably others.\n"; print "You accept full responsibility for your actions by using this script.\n"; print "INTERNAL USE ONLY!! DO NOT DISTRIBUTE!!\n"; print "\nWeb server? www.enterthegame.com: "; my...
Web Server Unconfigured - Default Install Page Present
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11422); script_version("1.45"); script_cvs_date("Date: 2018/08/...