566 matches found
[Full-disclosure] Secunia Research: Webroot Desktop Firewall Two Vulnerabilities
Secunia Research 06/10/2005 - Webroot Desktop Firewall Two Vulnerabilities - Table of Contents Affected...
[Full-disclosure] mimicboard2
EXPL-A-2005-013 exploitlabs.com Advisory 042 - - mimicboard2 - AFFECTED PRODUCTS mimicboard2 086 and lower http://www.chitta.com/nobu/download/mimic2 OVERVIEW Mimic2 is a html open forum type of blog, tailored in particular to the Japanese market and is very popular DETAILS 1. XSS Mimic2 does...
[Full-Disclosure] Webroot Spy Sweeper Enterprise Adminpassord open to the world
Not sure if this list is the right place for this....... Spy Sweeper Enterprise from webroot http://www.webroot.com/products/spysweeper/enterprise/ leaves the admin password in plain sight you can find it by going to HKEYLOCALMACHINESOFTWAREWebrootEnterpriseSpy Sweeperap This can be done from the...
Webroot Spy Sweeper weak encryption
Password is stored in registry unencrypted...
MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename
Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack by adding a trailing '/' character to the executable filename. The...
PServ directory traversal
With // it's possible to traverse webroot...
Cyclonic Webmail 4 multiple vulnerabilities
Software: Cyclonic Webmail Version : 4 vendor : Stallion Networking 1. Software description ---------------------- Cyclonic is a webbased interface allowing users to handle emails stored on a POP Server. This software is Freeware 2. Vulnerability description ------------------------- - bypassing...
typo3 issues
hola, ... [email protected]/Martin Eiszner ===================== Security REPORT TYPO3 ===================== this document: http://www.websec.org/adv/typo3.html Product: Typo3 Version 3.5b5 / Earlier versions are possibly vulnerable too Vendor: Typo3 http://www.typo3.com Vendor-Status:...
Resin MS-DOS Device Request Path Disclosure
Resin will reveal the physical path of the webroot when asked for a special DOS device, e.g. lpt9.xtp. An attacker may use this flaw to gain further knowledge about the remote filesystem layout. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderson...
Apache Tomcat default installation contains sample applications that disclose webroot path
Overview There is an insecure default configuration in Apache Tomcat web server that places several sample applications in the webroot. Remote users may be able to use these applications to gain sensitive information about the server's configuration. Description There are several sample...
Novell NetWare default installation contains sample files that disclose sensitive server information
Overview Novell NetWare 5.1 is a network management operating system that enables access to files, printers, directories, email, databases, and other network interfaces, as well as providing a web interface. There is an insecure default configuration that places several sample applications in the...
Vulnerability in Apache Tomcat v3.23 & v3.24 (part 3)
Procheckup Ltd www.procheckup.com Procheckup Security Bulletin PR02-7 Description: Tomcat multiple sample files display webroot location on default configuration on request. Date: 8/1/2002 Application: Apache Tomcat java server v3.23, 3.24. Platform: Linux/Unix Severity: Remote attackers can obta...
Vulnerability in Apache Tomcat v3.23 & v3.24
Procheckup Ltd www.procheckup.com Procheckup Security Bulletin PR02-05 Description: Tomcat source.jsp directory listing and webroot location display Date: 8/1/2002 Application: Apache Tomcat Java server versions 3.23 and 3.24 Platform: Linux/Unix Severity: Remote attackers can obtain listings of...
Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Westpoint Security Advisory Title: Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1 Risk Rating: High Software: ServletExec 4.1 ISAPI / IIS 4 & 5 Platforms: Win2k / WinNT 4 Vendor URL: www.newatlanta.com Author: Matt Moore [email protected] Date: 22 May 2002 Advisory ID:...
NewAtlanta ServletExecISAPI 4.1 - File Disclosure
NewAtlanta ServletExecISAPI 4.1 - File Disclosure source: https://www.securityfocus.com/bid/4795/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI will disclose the contents of arbitrary files...
[ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
+/--------------- ALPER Research Labs -----/--------/+ +/--------------- Security Advisory ----/---------/+ +/--------------- ID: ARL02-A07 ---/----------/+ +/--------------- [email protected] --/-----------/+ Advisory Information -------------------- Name : ARSC Really Simple Chat System...
Apache Tomcat Nonexistent File Error Message Path Disclosure
Tomcat will reveal the physical path of the webroot when asked for a nonexistent .jsp file. An unauthenticated, remote attacker can exploit this via a specially crafted request. An attacker can use this flaw to gain further knowledge about the remote filesystem layout. (C) Tenab...
Citrix Nfuse 1.51 - Webroot Disclosure
source: https://www.securityfocus.com/bid/2956/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. It has been reported that a remote attacker can...
Citrix Nfuse 1.51 - Webroot Disclosure
Citrix Nfuse 1.51 - Webroot Disclosure source: https://www.securityfocus.com/bid/2956/info Citrix Nfuse is an application portal server meant to provide the functionality of any application on the server via a web browser. Nfuse works in conjunction with a previously-installed webserver. It has...