Lucene search
+L

254 matches found

securityvulns
securityvulns
added 2002/04/04 12:0 a.m.42 views

Directory traversal in Quik-Serv Web Server

No description provided...

2.5AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2002/03/27 12:0 a.m.37 views

csSearch csSearch.cgi setup Parameter Arbitrary Command Execution

The version of csSearch running on the remote host has a command execution vulnerability. Input to the 'print' parameter of 'csSearch.cgi' is not properly sanitized. A remote attacker could exploit this by executing arbitrary system commands with the privileges of the web server. %NASLMINLEVEL...

10CVSS5.8AI score0.13092EPSS
Exploits1References1
securityvulns
securityvulns
added 2002/02/04 12:0 a.m.41 views

Lotus Domino url bypass

--------------------------------------------------------------------------- Web: http://qb0x.net Author: Gabriel A. Maggiotti Date: Febrary 03, 2002 E-mail: [email protected] --------------------------------------------------------------------------- General Info ------------ Problem Type :...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/11/20 12:0 a.m.22 views

Hypermail SSI Vulnerability

Hypermail SSI Vulnerability qDefense Advisory Number QDAV-2001-11-1 Product: Hypermail Vendor: Hypermail Development http://www.hypermail.org Severity: Remote; Attacker may be able to execute arbitrary commands on servers that run Hypermail and SSI Vendor Status: Vendor contacted; patch released ...

1AI score
Exploits0
CERT
CERT
added 2001/10/19 12:0 a.m.21 views

RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle URL encoded characters in URL

Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle URL encoded characters contained in a URL. A specially crafted request may bypass authentication and expose the contents of...

7.3AI score
Exploits0References2
securityvulns
securityvulns
added 2001/09/12 12:0 a.m.33 views

Textor Webmasters Ltd (listrec.pl)

Last update of listrec.pl Jon Wright 11/11/1998. This script has vulnerability does not filter input of the user which allows to carry out commands from WebServer. EXPLOIT: www.server.com/cgi-bin/common/listrec.pl? APP=qmh-news&TEMPLATE=;ls| XP-TEAM...

2.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/08/29 12:0 a.m.17 views

Tripwire for Webpages Installation Disclosure

The remote host is running Tripwire for Webpages, a commercial product to monitor for changes in web pages. This information may prove useful to anyone doing reconnaissance before launching an actual attack. %NASLMINLEVEL 70300 C Tenable Network Security include'deprecatednasllevel.inc';...

5.5AI score
Exploits0References1
NVD
NVD
added 2001/08/22 4:0 a.m.11 views

CVE-2001-0571

Directory traversal vulnerability in the web server for 1 Elron Internet Manager IM Message Inspector and 2 Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. dot dot in the requested URL...

5CVSS6.7AI score0.08338EPSS
Exploits1References5
Exploit DB
Exploit DB
added 2001/06/21 12:0 a.m.18 views

1C: Arcadia Internet Store 1.0 - Path Disclosure

source: https://www.securityfocus.com/bid/2904/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of the components of this package, 'tradecli.dll', allows use...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/06/19 12:0 a.m.98 views

Security Bulletin MS01-033

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Uncheck...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2001/06/13 12:0 a.m.20 views

SiteWare 2.5/3.0/3.1 Editor Desktop - Directory Traversal

source: https://www.securityfocus.com/bid/2868/info Screaming Media is a provider for custom web content. SiteWare Editor Desktop is the web-based administration tool for managing Screaming Media content. SiteWare Editor Desktop is prone to directory traversal attacks which can lead to disclosure...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/03/25 12:0 a.m.60 views

HIS AUktion auktion.cgi Traversal Arbitrary Command Execution

The 'auktion.cgi' cgi is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

7.5CVSS5.9AI score0.17004EPSS
Exploits1References2
securityvulns
securityvulns
added 2001/02/08 12:0 a.m.30 views

Vulnerability in Soft Lite ServerWorx

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in Soft Lite ServerWorx Overview Soft Lite ServerWorx v3.00 is a web server available from http://www.zdnet.com and http://www.softlite.net. A vulnerability exists which allows a remote user to break out of the web roo...

0.4AI score
Exploits0
CVE
CVE
added 2000/12/19 5:0 a.m.47 views

CVE-2000-1110

CVE-2000-1110 affects the IBM Net.Data db2www package: the document.d2w CGI program can be probed to reveal the web server’s physical path when a nonexistent command is sent. This is a path disclosure weakness, with partial impact on confidentiality reported (base score 5.0, MITRE ATT&CK not spec...

5CVSS6.7AI score0.02685EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2000/11/29 5:0 a.m.53 views

CVE-2000-0904

The CVE-2000-0904 entry concerns Voyager Web Server 2.01B (demo disks for QNX 405). The vulnerability arises from the server storing sensitive web client information in the .photon directory within the web document root, enabling remote attackers to retrieve that data. The available documents do ...

5CVSS6.7AI score0.02685EPSS
Exploits1References2Affected Software1
FreeBSD Advisory
FreeBSD Advisory
added 2000/10/30 12:0 a.m.4 views

FreeBSD-SA-00:60.boa

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:60 Security Advisory FreeBSD, Inc. Topic: boa web server allows arbitrary file access/execution Category: ports Module: boa Announced: 2000-10-30 Credits: Lluis Mora...

6.2AI score
Exploits0
Exploit DB
Exploit DB
added 2000/09/01 12:0 a.m.35 views

QSSL Voyager 2.0 1B - Arbitrary File Access

source: https://www.securityfocus.com/bid/1648/info The web server supplied with the QNX Voyager demo disk contains several vulnerabilities. First, Voyager will follow relative paths passed to it in requests. This includes ../ style paths, which will allow Voyager to serve pages outside of the...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2000/08/30 12:0 a.m.773 views

Web Server HTTP Dangerous Method Detection

The PUT method allows an attacker to upload arbitrary web pages on the server. If the server is configured to support scripts like ASP, JSP, or PHP it will allow the attacker to execute code with the privileges of the web server. The DELETE method allows an attacker to delete arbitrary content fr...

6.1AI score
Exploits0References2
securityvulns
securityvulns
added 2000/07/25 12:0 a.m.36 views

IBM WebSphere default servlet handler showcode vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory IBM WebSphere default servlet handler showcode vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072400-6-IBM Release Date: July 24, 2000 Product: IBM...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2000/07/20 12:0 a.m.37 views

Tomcat 3.03.1 Snoop Servlet - Information Disclosure

Tomcat 3.03.1 Snoop Servlet - Information Disclosure source: https://www.securityfocus.com/bid/1532/info A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much...

7.2AI score
Exploits0
Rows per page
Query Builder