5285 matches found
Xedus XSS
The remote host runs Xedus Peer to Peer webserver. This version is vulnerable to cross-site scripting attacks. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. OpenVAS Vulnerability Test $Id: xedusxss.nasl 9087 2018-03-12 17:24:24Z...
Webserver 4D Cleartext Passwords
The remote host is running Webserver 4D 3.6 or lower. Version 3.6 of this service stores all usernames and passwords in cleartext. File: C:\Program Files\MDG\Web Server 4D 3.6.0\Ws4d.4DD A local attacker may use this flaw to gain unauthorized privileges on this host. OpenVAS Vulnerability Test $I...
Raptor FW version 6.5 detection
By sending an invalid HTTP request to a webserver behind Raptor firewall, the HTTP proxy itself will respond. The server banner of Raptor FW version 6.5 is always 'Simple, Secure Web Server 1.1'. You should avoid giving an attacker such information. OpenVAS Vulnerability Test $Id: raptordetect.na...
Roxen counter module
The Roxen Challenger webserver is running and the counter module is installed. Requesting large counter GIFs eats up CPU-time on the server. If the server does not support threads this will prevent the server from serving other clients. SPDX-FileCopyrightText: 2000 Hendrik Scholz Some text...
Keene digital media server XSS
The remote host runs Keene digital media server, a webserver used to share digital information. This version is vulnerable to multiple cross-site scripting attacks which may allow an attacker to steal the cookies of users of this site. SPDX-FileCopyrightText: 2004 David Maciejak Some text...
TelCondex Simple Webserver Buffer Overflow
The TelCondex SimpleWebserver is vulnerable to a remote executable buffer overflow, due to a missing length check on the referer variable of the HTTP header. SPDX-FileCopyrightText: 2003 Matt North Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
bizdb1-search.cgi located
One of the BizDB scripts, bizdb-search.cgi, passes a variable SPDX-FileCopyrightText: 2000 Roelof Temmingh Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
VsSetCookie.exe Remote Vulnerability
The file VsSetCookie.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier...
Webserver 4D Cleartext Passwords
The remote host is running Webserver 4D 3.6 or lower. Version 3.6 of this service stores all usernames and passwords in cleartext. File: C:\Program Files\MDG\Web Server 4D 3.6.0\Ws4d.4DD SPDX-FileCopyrightText: 2002 Jason Lidow Some text descriptions might be excerpted from (a) referenced source(s),...
Microsoft IIS Dangerous Default Files - Active Check
The file viewcode.asp is a default IIS file which can give a malicious user a lot of unnecessary information about your file system or source files. Specifically, viewcode.asp can allow a remote user to potentially read any file on a webserver hard drive. Example:...
MiniShare webserver buffer overflow
MiniShare 1.4.1 and prior versions are affected by a buffer overflow flaw. SPDX-FileCopyrightText: 2005 SensePost Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sambar /sysadmin Vulnerability
The Sambar webserver provides a web interface for configuration purposes. The admin user has no password and there are some other default users without passwords. Everyone could set the HTTP-Root to c:\ and delete existing files. SPDX-FileCopyrightText: 2000 Hendrik Scholz Some text descriptions might be...
Xedus directory traversal
The remote host runs Xedus Peer to Peer webserver. This version is vulnerable to directory traversal. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Jigsaw webserver MS/DOS device DoS
It was possible to crash the Jigsaw web server by requesting /servlet/con about 30 times. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Snoopy 0.9x1.01.2 - Arbitrary Command Execution
Snoopy 0.9x1.01.2 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized...
Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access to the application in the context of...
Debian DSA-839-1 : apachetop - insecure temporary file
Eric Romang discovered an insecurely created temporary file in apachetop, a realtime monitoring tool for the Apache webserver that could be exploited with a symlink attack to overwrite arbitrary files with the user id that runs apachetop. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The...
[SECURITY] [DSA 839-1] New apachetop packages fix insecure temporary file
-------------------------------------------------------------------------- Debian Security Advisory DSA 839-1 [email protected] http://www.debian.org/security/ Martin Schulze October 4th, 2005 http://www.debian.org/security/faq -...
DSA-839-1 apachetop - insecure temporary file
Bulletin has no description...
[Full-disclosure] Sawmill XSS vuln
This has been delayed until the vendor had released a new version: SNIP Date: Fri, 26 Aug 2005 11:48:48 -0700 From: Greg Ferrar [email protected] User-Agent: Mozilla Thunderbird 1.0.2 Macintosh/20050317 X-Accept-Language: en-us, en To: [email protected] Cc: [email protected]...