5285 matches found
Aprelium Abyss Webserver DoS
Incomplete Connection: and Range: headers cause server to crash...
Abyss X1 1.1.2 remote crash
Application: Abyss Webserver http://www.aprelium.com Versions: X1 v 1.1.2 Platform: Windows and Linux Bug: Crash caused by the reading of an unreachable memory zone Risk: Remote crash Author: Auriemma Luigi e-mail: [email protected] web: http://www.pivx.com/luigi/ 1 Introduction 2 Bug 3 The Code 4...
abyss.txt
Application: Abyss Webserver http://www.aprelium.com Versions: X1 v 1.1.2 Platform: Windows and Linux Bug: Crash caused by the reading of an unreachable memory zone Risk: Remote crash Author: Auriemma Luigi e-mail: [email protected] web: http://www.pivx.com/luigi/ 1 Introduction 2 Bug 3 The Code 4...
CVE-2002-1504
Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL...
WebCart.pl
WebCart exploit Spawn bash style Shell with webserver uid Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 =...
ShopCart.pl
Shopcart exploit Spawn bash style Shell with webserver uid Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 = "/cgi-local/shop.pl/page=;";...
CVE-2003-0169
hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop...
CVE-2002-1535
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present...
CVE-2002-1504
This CVE-2002-1504 entry pertains to WebServer 4 Everyone 1.22 and describes a directory traversal vulnerability where remote attackers can read arbitrary files through URL dot-dot backslash sequences ("..\"). The described root cause is improper normalization of path traversal in user-supplied U...
CVE-2002-1535
CVE-2002-1535 affects Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2. An attacker can discover internal host IP addresses by sending a CONNECT request and observing differing error messages depending on host presence, implying partial disclosure of internal topology. Th...
PeopleSoft XML unauthorized access
It's possible to access any webserver files by using XML External Entities. By using the SchedulerTransfer servlet it's possible to write arbitrary files on the server...
DotBr 0.1 - Exec.php3 Remote Command Execution
source: https://www.securityfocus.com/bid/6867/info The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary...
DotBr 0.1 - System.php3 Remote Command Execution
source: https://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitra...
DotBr 0.1 - 'System.php3' Remote Command Execution
source: https://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the...
DotBr 0.1 - 'Exec.php3' Remote Command Execution
source: https://www.securityfocus.com/bid/6867/info The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the...
Abyss WebServer Brute Force Vulnerability
Package: Abyss WebServer Vendor Web Site: http://www.aprelium.com Versions: All versions = v1.1.2 Platforms: Linux, Windows Local: No Remote: Yes Fix Available: Nofix in progress Vendor Contacted: Sunday, February 09, 2003 6:12 PM Advisory Author: thomas...
Cedric Email Reader 0.2/0.3 - Skin Configuration Script Remote File Inclusion
source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. Under some circumstances, it is possible fo...
Another YabbSE Remote Code Execution Vulnerability
YabbSE Remote Code Execution 2 Vulnerability By Mindwarper :: [email protected] :: Vendor Information: Homepage : http://www.yabbse.org Vendor : informed Mailed advisory: 24/01/02 Vendor Response : None Affecte...