Lucene search
+L

1851 matches found

securityvulns
securityvulns
added 2001/05/16 12:0 a.m.26 views

DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)

DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...

0.3AI score
Exploits0
nessus
nessus
added 2001/03/25 12:0 a.m.60 views

HIS AUktion auktion.cgi Traversal Arbitrary Command Execution

The 'auktion.cgi' cgi is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

7.5CVSS5.9AI score0.17004EPSS
Exploits1References2
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.31 views

Дырки в IBM NetCommerce

Сочетание большого числа дырок в различных продуктах входящих в состав сервера...

0.7AI score
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2001/02/08 12:0 a.m.30 views

Vulnerability in Soft Lite ServerWorx

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in Soft Lite ServerWorx Overview Soft Lite ServerWorx v3.00 is a web server available from http://www.zdnet.com and http://www.softlite.net. A vulnerability exists which allows a remote user to break out of the web roo...

0.4AI score
Exploits0
cve
cve
added 2001/01/22 5:0 a.m.48 views

CVE-2000-1148

The CVE-2000-1148 entry concerns VolanoChatPro server where configuration file permissions are world-readable and administrator passwords are stored in plaintext. This insecure configuration can allow local users to access sensitive credentials and potentially gain privileges on the server. The v...

4.6CVSS7AI score0.00338EPSS
Exploits0References4Affected Software1
cve
cve
added 2000/12/19 5:0 a.m.46 views

CVE-2000-1110

CVE-2000-1110 affects the IBM Net.Data db2www package: the document.d2w CGI program can be probed to reveal the web server’s physical path when a nonexistent command is sent. This is a path disclosure weakness, with partial impact on confidentiality reported (base score 5.0, MITRE ATT&CK not spec...

5CVSS6.7AI score0.02685EPSS
Exploits1References2Affected Software1
exploitpack
exploitpack
added 2000/12/11 12:0 a.m.24 views

Oops Proxy Server 1.4.22 - Remote Buffer Overflow (1)

Oops Proxy Server 1.4.22 - Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/2099/info Oops is a freely available proxy server package, written by Igor Khasilev. A problem exists in the package which could allow for the arbitrary execution of code. Multiple buffer overflows...

1AI score
Exploits0
exploitpack
exploitpack
added 2000/12/05 12:0 a.m.22 views

Cat Soft Serv-U FTP Server 2.42.5 - FTP Directory Traversal

Cat Soft Serv-U FTP Server 2.42.5 - FTP Directory Traversal source: https://www.securityfocus.com/bid/2052/info FTP Serv-U is an internet FTP server from CatSoft. Authenticated users can gain access to the ftproot of the drive where Serv-U FTP has been installed. Users that have read, write,...

0.1AI score
Exploits0
cve
cve
added 2000/11/29 5:0 a.m.53 views

CVE-2000-0904

The CVE-2000-0904 entry concerns Voyager Web Server 2.01B (demo disks for QNX 405). The vulnerability arises from the server storing sensitive web client information in the .photon directory within the web document root, enabling remote attackers to retrieve that data. The available documents do ...

5CVSS6.7AI score0.02685EPSS
Exploits1References2Affected Software1
freebsd_advisory
freebsd_advisory
added 2000/10/30 12:0 a.m.4 views

FreeBSD-SA-00:60.boa

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:60 Security Advisory FreeBSD, Inc. Topic: boa web server allows arbitrary file access/execution Category: ports Module: boa Announced: 2000-10-30 Credits: Lluis Mora...

6.2AI score
Exploits0
exploitpack
exploitpack
added 2000/10/29 12:0 a.m.25 views

Cat Soft Serv-U FTP Server 2.5.x - Brute Force

Cat Soft Serv-U FTP Server 2.5.x - Brute Force source: https://www.securityfocus.com/bid/1860/info FTP Serv-U is an internet FTP server from CatSoft. FTP Serv-U contains an anti brute-force security feature which does not indicate whether an account is valid or not, after three unsuccessful login...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2000/10/29 12:0 a.m.45 views

Cat Soft Serv-U FTP Server 2.5.x - Brute Force

source: https://www.securityfocus.com/bid/1860/info FTP Serv-U is an internet FTP server from CatSoft. FTP Serv-U contains an anti brute-force security feature which does not indicate whether an account is valid or not, after three unsuccessful login attempts a user is disconnected. Reconnection ...

7.4AI score
Exploits0
cve
cve
added 2000/09/21 4:0 a.m.44 views

CVE-2000-0680

The CVE-2000-0680 entry concerns the CVS 1.10.8 server, where the server fails to restrict creation of arbitrary Checkin.prog or Update.prog programs. This allows remote CVS committers to modify or create Trojan horse programs named Checkin.prog or Update.prog and then perform a CVS commit action...

7.2CVSS7.1AI score0.01337EPSS
Exploits1References2Affected Software1
exploitdb
exploitdb
added 2000/09/01 12:0 a.m.33 views

QSSL Voyager 2.0 1B - Arbitrary File Access

source: https://www.securityfocus.com/bid/1648/info The web server supplied with the QNX Voyager demo disk contains several vulnerabilities. First, Voyager will follow relative paths passed to it in requests. This includes ../ style paths, which will allow Voyager to serve pages outside of the...

7.4AI score
Exploits0
nessus
nessus
added 2000/08/30 12:0 a.m.772 views

Web Server HTTP Dangerous Method Detection

The PUT method allows an attacker to upload arbitrary web pages on the server. If the server is configured to support scripts like ASP, JSP, or PHP it will allow the attacker to execute code with the privileges of the web server. The DELETE method allows an attacker to delete arbitrary content fr...

6.1AI score
Exploits0References2
securityvulns
securityvulns
added 2000/07/25 12:0 a.m.36 views

IBM WebSphere default servlet handler showcode vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere default servlet handler showcode vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072400-6-IBM Release Date: July 24, 2000 Product: IBM...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2000/07/20 12:0 a.m.36 views

Tomcat 3.03.1 Snoop Servlet - Information Disclosure

Tomcat 3.03.1 Snoop Servlet - Information Disclosure source: https://www.securityfocus.com/bid/1532/info A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much...

7.2AI score
Exploits0
nessus
nessus
added 2000/06/27 12:0 a.m.30 views

Sawmill File Access Information Disclosure

The remote web server is affected by an information disclosure vulnerability due to improper validation of user-supplied input to the 'rfcf' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request, to disclose the first line of arbitrary files on the remote host...

5CVSS5.8AI score0.07488EPSS
Exploits1References1
nessus
nessus
added 2000/06/22 12:0 a.m.29 views

Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification

The remote web server is Zope 2.1.7. There is a security problem in these versions that can allow the contents of DTMLDocuments or DTMLMethods to be changed without forcing proper user authentication. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10447; scriptversion...

7.5CVSS5.5AI score0.02944EPSS
Exploits0References3
securityvulns
securityvulns
added 2000/05/31 12:0 a.m.141 views

Security Bulletin &#40;MS00-035&#41;

Microsoft Security Bulletin MS00-035 - -------------------------------------- Patch Available for "SQL Server 7.0 Service Pack Password" Vulnerability May 30, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr SQL Serverr 7.0 Service Packs 1...

7.8AI score
Exploits0
Rows per page
Query Builder