4477 matches found
gnocatan Multiple Buffer Overflows
The remote host is running gnocatan, an online game server. There is a flaw in this version which may allow an attacker to execute arbitrary commands on this host, with the privileges this service is running with. An attacker may exploit this flaw to gain a shell on this host. C Tenable Network...
FTP Service 1.2 - Multiple Vulnerabilities
FTP Service 1.2 - Multiple Vulnerabilities FTP Service Multiple Vulnerabilities Vendor: Pablo Software Solutions Product: FTP Service Version: = 1.2 Website: http://www.pablovandermeer.nl/ftpservice.html BID: 7799 7801 Description: FTPService.exe is a service-version of Pablo's FTP Server. This...
P-Synch Password Management Multiple Vulnerabilities
The remote web server is running P-Synch, a password management system running over HTTP. There is a flaw in the CGIs nph-psa.exe and nph-psf.exe which may allow an attacker to make this host include remote files, disclose the path to the p-synch installation or produce arbitrary HTML code...
Zeus Admin vs_diag.cgi XSS
The remote host is running the Zeus WebServer. There is a vulnerability in the CGI 'vsdiag.cgi' that may allow an attacker to gain administrative access on that server. To exploit this flaw, the attacker would need to lure the administrator of this server to click on a rogue link. %NASLMINLEVEL...
Apache 2.0.x < 2.0.46 Multiple DoS
The remote host appears to be running a version of Apache 2.0.x that is prior to 2.0.46. It is, therefore, affected by multiple denial of service vulnerabilities : - There is a denial of service vulnerability that may allow an attacker to disable basic authentication on this host. - There is a...
webERP Configuration File Remote Access
The remote host is using webERP, a web-based accounting / ERP software. There is a flaw in the version of webERP on the remote host such that an attacker is able to download the application's configuration file, 'logicworks.ini', containing the database username and password. %NASLMINLEVEL 70300 ...
snitz_exec.txt
Overview: Snitz Forums 2000, one of the best ASP based bulletin board systems on the market. Getting better every day! A complete board system forum that allows the user access to a friendly and intuitive interface. http://forum.snitz.com Problem Description: Snitz Forums 3.3.03 has an SQL...
Dr.Web File Name Handling Overflow
The remote host is running Dr.Web - an antivirus program. There is a flaw in the remote version of Dr.Web which may make it crash when scanning files whose name is excessively long. An attacker may use this flaw to execute arbitrary code on this host. To exploit it, an attacker would need to send...
Ethereal contains integer overflow in Mount dissector
Overview Ethereal is a network traffic analysis package. The mount packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The mount packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
Novell NetWare FTPServ Malformed Input Remote DoS
The installed version of Novell FTPServ does not handle certain types of input properly. An attacker can exploit this flaw to crash the FTP service. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11614; scriptversion"1.20"; scriptbugtraqid7072; scriptnameenglish:"Nove...
mod_survey For Apache ENV Tags SQL Injection
According to the banner, the remote host is using a vulnerable version of modsurvey, a Perl module for managing online surveys. This version has a flaw that could result in a SQL injection attack when the module is being used with a database backend. A remote attacker could exploit this to take...
Mac OS X Directory Service Connection Saturation Remote DoS
It was possible to disable the remote service probably MacOS X's directory service by making multiple connections to this port. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11603; scriptversion"1.20"; scriptcvsdate"Date: 2018/11/15 20:50:21"; scriptbugtraqid7323;...
PT News Unauthorized Administrative Access
The remote host is using the PT News management system. There is a flaw in this version which allows anyone to execute arbitrary admnistrative PTnews command on this host such as deleting news or editing a news without having to know the administrator password. An attacker may use this flaw to ed...
SLMail WebMail Multiple Remote Overflows
The remote host is running a version of the SLmail WebMail server which is vulnerable to various flaws. These flaws may let a user to execute arbitrary code on this host or read arbitrary files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Refs: From: "NGSSoftware Insight Security Researc...
Album.pl Vulnerability - Remote Command Execution
AresU Advisory 04/27/2003 Album.pl Vulnerability Severity : High CGI Remote Command Execution Systems Affected: Album.pl up to v6.1 Vendor URL: http://perl.bobbitt.ca/album Vuln Type : CGI Remote Command Execution Status : Vendor contacted, new fixed version available Author : AresU Greetz to :...
Bugzilla < 2.16.3 / 2.17.4 Multiple Vulnerabilities (XSS, Symlink)
The remote Bugzilla bug tracking system, according to its version number, contains various flaws that may let an attacker perform cross- site scripting attacks or even delete local files provided he has an account on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date:...
Xeneo Web Server %A Request Remote DoS
The remote host is running a vulnerable version of the Xeneo web server. It is possible to crash the web server by requesting a malformed URL ending with /%A or /%. C Tenable Network Security, Inc. See also: XeneoWebServer2.2.9.0DoS.nasl by Bekrar Chaouki I wrote this script at the same time...
Monkey HTTP Daemon (monkeyd) PostMethod() Function Remote Overflow
The version of Monkey web server that you are running is vulnerable to a buffer overflow on a POST command with too much data. It is possible to make this web server crash or execute arbitrary code. C Tenable Network Security, Inc. Ref: From: "Matthew Murphy" To: "BugTraq" Subject: Monkey HTTPd...
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 288-1 [email protected] http://www.debian.org/security/ Martin Schulze April 17th, 2003 http://www.debian.org/security/faq -...
Apache vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Apache HTTP Server. Exploitation of this vulnerability may allow an attacker to consume all available system resources, resulting in a denial-of-service condition. Description The Apache HTTP Server is a very popular...