232 matches found
CVE-2003-1262
Buffer overflow in the httpfetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value...
CVE-2004-2376
Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long attfile attribute...
CVE-2001-1513
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx...
CVE-2002-1780
BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Window...
CVE-2004-0577
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory...
CVE-2002-1093
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3B allows remote attackers to cause a denial of service (CPU consumption) via a long URL request...
CVE-2004-0577
CVE-2004-0577 affects WinGate (notably 5.2.3 build 901 and 6.0 beta 2 build 942, plus 5.0.5). The vulnerability is an input-validation flaw in the wingate-internal path that allows remote, unauthenticated attackers to read arbitrary files from the root directory via a URL request to the wingate-i...
CVE-2003-1258
activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid...
CVE-2003-1344
Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files...
Xerox MicroServer - Web Server Directory Traversal
source: https://www.securityfocus.com/bid/9256/info
It has been reported that XeroxMicroServer/Xerox11 may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/..' or '/.' character sequences at the end of a URL reques...
CVE-2002-0894
NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet...
PVote 1.0/1.5 - Unauthorized Administrative Password Change
source: https://www.securityfocus.com/bid/4541/info
PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible to change the administrative password by submitting a malicious web request containing the...
CVE-2001-0007
CVE-2001-0007 refers to a buffer overflow in NetScreen Firewall WebUI (ScreenOS) that allows remote DoS via an oversized URL. Exploitation crashes the firewall without login; reboot needed. Affected: various ScreenOS releases; fixed in: ScreenOS 1.73r2 (NetScreen-1000), 2.01r7 (NetScreen-10/100),...
CVE-2001-0585
Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000...
CVE-2001-0585
Gordano NTMail 6.0.3c is affected. A remote attacker can trigger a denial-of-service by sending a long URL request (≥ 255 characters) to port 8000 or 9000. The vulnerability and affected configuration are described in CVE-2001-0585 entries (NVD, CVE List). Exploitation details, affected versions ...
CVE-2001-0703
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter...
CVE-2001-0613
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request...