254 matches found
Sawmill File Access Information Disclosure
The remote web server is affected by an information disclosure vulnerability due to improper validation of user-supplied input to the 'rfcf' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request, to disclose the first line of arbitrary files on the remote host...
Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification
The remote web server is Zope 2.1.7. There is a security problem in these versions that can allow the contents of DTMLDocuments or DTMLMethods to be changed without forcing proper user authentication. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10447; scriptversion...
DVWSSR.dll Buffer Overflow Vulnerability in Microsoft IIS 4.0 Web Servers
No description provided...
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
The 'bigconf' CGI is installed. This CGI has a well-known security flaw that allows an attacker to execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
ex_urllive.txt
URL Live! 1.0 WebServer for Windows95/98/NT which is released by Pacific Software Publishing, Inc. http://www.urllive.com/ also has a "../" security problem, any users can download any files on the victim host. example: http://www.xxx.yy.jp/../../../../config.sys...
Alibaba get32.exe Arbitrary Command Execution
The 'get32.exe' CGI script is installed on this machine. This CGI has a well known security flaw that allows an attacker to execute arbitrary commands on the remote system with the privileges of the HTTP daemon typically root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Alibaba tst.bat Arbitrary Command Execution
The 'tst.bat' CGI script is installed on this machine. This CGI has a well known security flaw that would allow an attacker to read arbitrary files on the remote system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
Web Server robots.txt Information Disclosure
The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a website for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the...
compaq.insight.manager.server.txt
Date: Wed, 26 May 1999 16:41:36 +0100 From: [email protected] To: [email protected] Subject: Infosec.19990526.compaq-im.a Infosec Security Vulnerability Report No: Infosec.19990526.compaq-im.a ===================================== Vulnerability Summary --------------------- Problem:...
WinWebserver-exploit.txt
http://www.sddt.com/files/library/98/06/25/tbc.html Source Programmers Discover Internet Server Bug Daily Transcript Business Report June 25, 1998 Programmers at San Diego Source, the online news service of the San Diego Daily Transcript, have discovered a security hole affecting Web server...
http-request_method.txt
Date: Wed, 6 Jan 1999 13:16:07 -0000 From: mnemonix To: [email protected] Subject: HTTP REQUESTMETHOD flaw There is a "feature" inherent in some web servers, such as Apache 1.3.x or MS IIS, that carries mild security implications that could allow web server attacks to go unnoticed. The problem...
exlibris.alpeh.webserver.txt
Date: Fri, 21 May 1999 12:08:00 +0200 From: Jakub Urbanec To: [email protected] Subject: ExLibris Aleph Web server Security Alert We have found a security hole in web server bundled with Aleph librarian system ver. 3.25 and higher ExLibris. The web server in its default configuration allows...
cfusion.txt
L0pht Security Advisory ------------- URL Origin: http://www.l0pht.com/advisories.html Release Date: April 20th, 1999 Application: Cold Fusion Application Server Severity: Web users can download, delete and even upload executable files to a Cold Fusion server. Access is not limited to files under...
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
The remote host appears to be using the CdomainFree 'whoisraw.cgi' script. This CGI script allows an attacker to view any file on the target computer, as well as to execute arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...