3766 matches found
Apache Tomcat Default Accounts
This host appears to be the running the Apache Tomcat Servlet engine with the default accounts still configured. A potential intruder could reconfigure this service in a way that grants system access. %NASLMINLEVEL 70300 This script was written by Orlando Padilla See the Nessus Scripts License fo...
[LSD] Java and JVM security vulnerabilities
We would like to inform you about several security vulnerabilities in Java Virtual Machine implementations that we have found during our research. These vulnerabilities affect at least JVMs used in Netscape Communicator and Microsoft Internet Explorer web browsers. Below you can find their brief...
Opera 7 vulnerabilities
We've done some basic security tests, in cooperation with Tom Gilder, on the new Opera 7 beta release and found two major security vulnerabilities. These vulnerabilities are quite obvious and likely to be discovered by malicious users. Combined, they allow full read access to a victim's file syst...
benchmark tool for HTTP pages.
ezhttpbench.php eZ httpbench version 1.1http://developer.ez.no - benchmark tool for HTTP pages. A security vulnerability in the product allows remote attackers to download any file on the local system that the eZ httpbench has read access to. Vulnerable systems: eZ httpbench version 1.1 eZ...
Directory traversal in Daniel Arenz' Mini Server
Hi! There is a directory traversal flaw in Daniel Arenz' Mini Server 2.1.6 tested on Windows XP Professional. It could be that prior versions are also affected. It's possible to show every by the web server readable file on the target system by using one of the following URLs:...
UTStarcom B-NAS 1000 / B-RAS 1000 Major Security Flaw
== Overview == UTStarcom http://www.ustar.com is a broadband DSLAM and DSL SMS hardware vendor. Their products are used to manage DSL through PPPoE, PPPoA, bridge mode etc. == Vulnerability == The vendor UTStarcom has placed 2 backdoor accounts with full system access in their BAS-1000 system B-R...
Phenoelit Advisory #0815 +--
Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +-- Authors FX [email protected] FtR [email protected] kim0 [email protected] DasIch [email protected] Phenoelit Group http://www.phenoelit.de Advisory http://www.phenoelit.de/stuff/HPChai.txt Affected Products Hewlett Packard HP ChaiVM HP 90...
Cobalt Qube 3.0 - Authentication Bypass
Cobalt Qube 3.0 - Authentication Bypass source: https://www.securityfocus.com/bid/5297/info A vulnerability has been reported for Cobalt Qube that may allow an attacker to bypass the authentication mechanism and obtain administrative privileges. The vulnerability occurs because of a weak...
File system access in imap-uw
By design it's possible to access any file readable by user's account...
Multiple Vulnerabilities in MDaemon + WorldClient
Advisory Title: Multiple Vulnerabilities in MDaemon + WorldClient Release Date: 07/05/2002 Application: WorldClient and MDaemon Platform: Windows Clients. Version: MDaemon/WorldClient 5.0.5.0 - and probably earlier versions Severity: Several Vulnerabilities - one of which gives system access...
CVE-2002-0268
Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges...
Microsoft Windows 'Administrators' Group User List
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10902; scriptversion"1.23"; scriptcvsdate"Date:...
Portix-PHP 0.4 - view.php Directory Traversal
Portix-PHP 0.4 - view.php Directory Traversal source: https://www.securityfocus.com/bid/4039/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. Portix-PHP is prone to directory traversal attacks. The script view.php does not...
EFTP 2.0.7 337 - Remote Buffer Overflow Code Execution / Denial of Service
// source: https://www.securityfocus.com/bid/3330/info Encrypted FTP EFTP is both an FTP client and server application for Windows platforms. A malicious user with upload permissions to the target host can cause a buffer overflow in EFTP to execute code of the attacker's choosing. The attacker ca...
Проблемы с Java Plugin 1.4 (file reading)
Апплеты не имеющие корректного сертификата тем не менее могут обращаться к файловой системе...
Microsoft IIS .IDA ISAPI Filter Enabled
The IIS server appears to have the .IDA ISAPI filter mapped. At least one remote vulnerability has been discovered for the .IDA indexing service filter. This is detailed in Microsoft Advisory MS01-033, and gives remote SYSTEM level access to the web server. It is recommended that even if you have...
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)
source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow...
IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability Release Date: April 24, 2001 Severity: High Systems Affected: Systems running IPSwitch's IMail 6.06 SMTP daemon. Prior versions are most likely vulnerable. Description: There exists a vulnerability within IMail that allows remote attacke...
Проблемы в файловых системах (ufs/ext2fs data recovery)
Локальный пользователь может получить доступ к содержимому файлов, которые были удалены...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
eXtropia bbsforum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly...