1851 matches found
DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution
The 'auktion.cgi' cgi is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
Дырки в IBM NetCommerce
Сочетание большого числа дырок в различных продуктах входящих в состав сервера...
Vulnerability in Soft Lite ServerWorx
----- Begin Hush Signed Message from [email protected] ----- Vulnerability in Soft Lite ServerWorx Overview Soft Lite ServerWorx v3.00 is a web server available from http://www.zdnet.com and http://www.softlite.net. A vulnerability exists which allows a remote user to break out of the web roo...
CVE-2000-1148
The CVE-2000-1148 entry concerns VolanoChatPro server where configuration file permissions are world-readable and administrator passwords are stored in plaintext. This insecure configuration can allow local users to access sensitive credentials and potentially gain privileges on the server. The v...
CVE-2000-1110
CVE-2000-1110 affects the IBM Net.Data db2www package: the document.d2w CGI program can be probed to reveal the web server’s physical path when a nonexistent command is sent. This is a path disclosure weakness, with partial impact on confidentiality reported (base score 5.0, MITRE ATT&CK not spec...
Oops Proxy Server 1.4.22 - Remote Buffer Overflow (1)
Oops Proxy Server 1.4.22 - Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/2099/info Oops is a freely available proxy server package, written by Igor Khasilev. A problem exists in the package which could allow for the arbitrary execution of code. Multiple buffer overflows...
Cat Soft Serv-U FTP Server 2.42.5 - FTP Directory Traversal
Cat Soft Serv-U FTP Server 2.42.5 - FTP Directory Traversal source: https://www.securityfocus.com/bid/2052/info FTP Serv-U is an internet FTP server from CatSoft. Authenticated users can gain access to the ftproot of the drive where Serv-U FTP has been installed. Users that have read, write,...
CVE-2000-0904
The CVE-2000-0904 entry concerns Voyager Web Server 2.01B (demo disks for QNX 405). The vulnerability arises from the server storing sensitive web client information in the .photon directory within the web document root, enabling remote attackers to retrieve that data. The available documents do ...
FreeBSD-SA-00:60.boa
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:60 Security Advisory FreeBSD, Inc. Topic: boa web server allows arbitrary file access/execution Category: ports Module: boa Announced: 2000-10-30 Credits: Lluis Mora...
Cat Soft Serv-U FTP Server 2.5.x - Brute Force
Cat Soft Serv-U FTP Server 2.5.x - Brute Force source: https://www.securityfocus.com/bid/1860/info FTP Serv-U is an internet FTP server from CatSoft. FTP Serv-U contains an anti brute-force security feature which does not indicate whether an account is valid or not, after three unsuccessful login...
Cat Soft Serv-U FTP Server 2.5.x - Brute Force
source: https://www.securityfocus.com/bid/1860/info FTP Serv-U is an internet FTP server from CatSoft. FTP Serv-U contains an anti brute-force security feature which does not indicate whether an account is valid or not, after three unsuccessful login attempts a user is disconnected. Reconnection ...
CVE-2000-0680
The CVE-2000-0680 entry concerns the CVS 1.10.8 server, where the server fails to restrict creation of arbitrary Checkin.prog or Update.prog programs. This allows remote CVS committers to modify or create Trojan horse programs named Checkin.prog or Update.prog and then perform a CVS commit action...
QSSL Voyager 2.0 1B - Arbitrary File Access
source: https://www.securityfocus.com/bid/1648/info The web server supplied with the QNX Voyager demo disk contains several vulnerabilities. First, Voyager will follow relative paths passed to it in requests. This includes ../ style paths, which will allow Voyager to serve pages outside of the...
Web Server HTTP Dangerous Method Detection
The PUT method allows an attacker to upload arbitrary web pages on the server. If the server is configured to support scripts like ASP, JSP, or PHP it will allow the attacker to execute code with the privileges of the web server. The DELETE method allows an attacker to delete arbitrary content fr...
IBM WebSphere default servlet handler showcode vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere default servlet handler showcode vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072400-6-IBM Release Date: July 24, 2000 Product: IBM...
Tomcat 3.03.1 Snoop Servlet - Information Disclosure
Tomcat 3.03.1 Snoop Servlet - Information Disclosure source: https://www.securityfocus.com/bid/1532/info A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much...
Sawmill File Access Information Disclosure
The remote web server is affected by an information disclosure vulnerability due to improper validation of user-supplied input to the 'rfcf' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request, to disclose the first line of arbitrary files on the remote host...
Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification
The remote web server is Zope 2.1.7. There is a security problem in these versions that can allow the contents of DTMLDocuments or DTMLMethods to be changed without forcing proper user authentication. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10447; scriptversion...
Security Bulletin (MS00-035)
Microsoft Security Bulletin MS00-035 - -------------------------------------- Patch Available for "SQL Server 7.0 Service Pack Password" Vulnerability May 30, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr SQL Serverr 7.0 Service Packs 1...