Lucene search

836 matches found

Exploit DB
added 2002/03/21 12:0 a.m. · 22 views

PHP-Nuke 5.x - Error Message Web Root Disclosure

source: https://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause t...

7.4 AI score
Exploits 0
securityvulns
added 2002/03/10 12:0 a.m. · 22 views

Xerver-2.10-File-Disclousure&DoS-attack

------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS Denial of Service Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: : Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez...

7.2 AI score
Exploits 0
Tenable Nessus
added 2001/12/12 12:0 a.m. · 15 views

Novell NetWare Management Portal Unrestricted Access

The NetWare Management Portal software is installed on this machine. It allows anyone to view the current server configuration and locate other Portal servers on the network. It is possible to browse the server's filesystem by requesting the volume in the URL. However, a valid user account is...

5.5 AI score
Exploits 0
Exploit DB
added 2001/11/26 12:0 a.m. · 20 views

Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions

source: https://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on a website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmless file type file in the Download...

7 AI score
Exploits 0
Tenable Nessus
added 2001/09/14 12:0 a.m. · 757 views

Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing

It is possible to read a '.DS_Store' file on the remote web server. This file is created by MacOS X Finder; it is used to remember the icons position on the desktop, among other things, and contains the list of files and directories present in the remote directory. Note that deleted files may stil...

7.5 CVSS · 5.5 AI score · 0.00527 EPSS
Exploits 0 · References 4
securityvulns
added 2001/08/30 12:0 a.m. · 39 views

eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.

eRisk Security Advisory August 29, 2001 ------------------------------ PhpMyExplorer, available from http://elegac.free.fr/, is vulnerable to directory traversal. Synopsis: eRiskSecurity has discovered a fatal flaw in PhpMyExplorer, a popular and very good looking PHP based file manager. It is...

6.7 AI score
Exploits 0
Cvelist
added 2001/05/07 4:0 a.m. · 23 views

CVE-2001-0033

KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using the KRBCONFDIR environmental variable, which allows the user to gain additional privileges...

6.6 AI score · 0.0005 EPSS
Exploits 1 · References 3
Slackware Linux
added 2001/01/29 9:7 a.m. · 13 views

multiple vulnerabilities in bind 8.x

Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems. More information can be found on the BIND website: http://www.isc.org/products/BIND/ ... and in the CERT Advisory CA-2001-02 - Multipl...

7.1 AI score
Exploits 0
securityvulns
added 2000/12/20 12:0 a.m. · 36 views

Security Bulletin MS00-099

Issue: "Configure Your Server" tool creates blank password for Directory Service Restore Mode Date: 20 December 2000 Affected Software: Windows 2000 server and Advanced Server Impact: Install malicious code Bulletin ID: MS00-0...

0.8 AI score
Exploits 0
Exploit DB
added 2000/12/05 12:0 a.m. · 37 views

Inktomi Search Software 3.0 - Information Disclosure

source: https://www.securityfocus.com/bid/2062/info A vulnerability exists in version 3.0 of Ultraseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form: http://target:8765/example/ will, if the file 'example' does not...

7.4 AI score
Exploits 0
exploitpack
added 2000/04/26 12:0 a.m. · 36 views

Cisco IOS 11.x/12.x - HTTP %%

Cisco IOS 11.x/12.x - HTTP %% source: https://www.securityfocus.com/bid/1154/info A denial of service attack exists in versions of Cisco IOS, running on a variety of different router hardware. If the router is configured to have a web server running for configuration and other information a user c...

7.4 AI score
Exploits 0
Positive Technologies
added 1999/12/14 12:0 a.m. · 8 views

PT-1999-1527 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH version 1.2.27 Description: The issue allows a client to use the "none" cipher, even if it is not allowed by the server policy, in an SSH server. Recommendations: For OpenSSH version 1.2.27, update the server configuration to explicit...

10 CVSS · 7.7 AI score · 0.90356 EPSS
Exploits 207 · References 335
Tenable Nessus
added 1999/08/25 12:0 a.m. · 38 views

Sendmail Redirection Relaying Allowed

The remote sendmail server accepts messages addressed to recipients of the form 'user@[email protected]'. A remote attacker could leverage this to reach mail servers behind a firewall or to avoid detection by routing mail through the affected host.

5.5 AI score
Exploits 0
Tenable Nessus
added 1999/06/22 12:0 a.m. · 395 views

NTMail3 Arbitrary Mail Relay

Nessus has detected that the remote SMTP server allows anyone to use it as a mail relay provided that the source address is set to ''. This issue allows any spammer to use your mail server to send their mail to the world, thus flooding your network bandwidth and possibly getting your mail server...

5.5 AI score
Exploits 0 · References 2
Tenable Nessus
added 1999/06/22 12:0 a.m. · 44 views

Sambar Server dumpenv.pl Information Disclosure

CGI script 'dumpenv.pl' is installed on the remote host. This CGI gives away too much information about the web server configuration, which will help an attacker.

5 CVSS · 5.5 AI score · 0.00763 EPSS
Exploits 1 · References 1
exploitpack
added 1999/01/14 12:0 a.m. · 14 views

Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration

Microsoft IIS 4 (Windows NT) - Remote Web-Based Administration source: https://www.securityfocus.com/bid/189/info Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS 4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy...

7.5 AI score
Exploits 0