Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service

source: https://www.securityfocus.com/bid/6320/info Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms. It has been reported that a denial of service exists i...

CVE-2002-1315

Cross-site scripting XSS vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability i...

CVE-2002-1316

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue CVE-2002-1315...

Remote POST Buffer Overflow vulnerability in Pserv.

======================================== INetCop Security Advisory 2002-0x82-005 ======================================== Title: Remote POST Buffer Overflow vulnerability in Pserv Pico Server. 0x01. Description Pico server is very small webserver of C language base that support several platforms...

WebServer 4 Everyone Host Field Header Buffer Overflow

The remote web server is running a version of WebServer 4 Everyone that crashes when it receives a request for a long filename 2000 bytes and the Host request header is set to '127.0.0.1'. C Tenable Network Security, Inc. Some vulnerable servers: WebServer 4 Everyone v1.28 References: From:"Tamer...

CVE-2002-1315

The CVE-2002-1315 entry describes a Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x up to SP11, allowing remote attackers to inject and execute script/HTML as the iPlanet administrator by placing the script in error logs; it may enable privilege escalation w...

CVE-2002-1316

CVE-2002-1316 affects iPlanet WebServer 4.x (Admin Server) up to Service Pack 11, where the dir parameter can be manipulated with shell metacharacters to execute arbitrary commands. This vulnerability, reported alongside CVE-2002-1315 (XSS), enables potential unauthorized command execution and pa...

CVE-2002-1315

Cross-site scripting XSS vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability i...

CVE-2002-1316

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue CVE-2002-1315...

iPlanet WebServer, remote root compromise

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Next Generation Security Technologies http://www.ngsec.com Security Advisory Title: iPlanet WebServer, remote root compromise ID: NGSEC-2002-4 Application: iPlanet WebServer 4. up to SP11 Date: 11/19/2002 Status: Vendor contacted on 09/28/2002, Sun...

Multiple bugs in iPlanet WebServer

Crossite scripting, administration interface code execution...

MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-

My first post, please bare with me. -/-About.-/- I found this problem auditing a webserver, it’s a standard bufferoverflow i guess, but i am not sure how to find all the technical information but if anyone knows what to do i would like to know, if some one have the time to send a brief mail or...

[SECURITY] [DSA 188-1] New Apache-SSL packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 188-1 [email protected] http://www.debian.org/security/ Martin Schulze November 5th, 2002 http://www.debian.org/security/faq -...

Xeneo Webserver DoS

Request http://target.server/ causes service to crash...

CVE-2002-1212

Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to cause a denial of service crash via a long HTTP GET request...

Webserver 4D Plaintext Password Storage

According to its Server response header, the remote web server is Webserver 4D 3.6 or lower. Such versions store all usernames and passwords in plaintext in the file 'Ws4d.4DD' in the application's installation directory. A local attacker can exploit this flaw to gain unauthorized privileges on...

Buffer overflow in WebServer 4 Everyone

Buffer overflow on oversized GET request...

CVE-2002-1212

CVE-2002-1212 affects RadioBird Software WebServer 4 Everyone versions prior to 1.30. The vulnerability is a buffer overflow triggered by a long HTTP GET request, allowing remote attackers to crash the server (DoS). Public details in NVD/NVD-related OpenVAS entries confirm a remote DoS via overly...

CVE-2002-1213

RadioBird Software WebServer 4 Everyone versions 1.23 and 1.27 (and earlier than 1.30) contain a directory-traversal vulnerability that lets remote attackers read arbitrary files via HTTP requests containing dot-dot sequences with URL-encoded forward slashes (%2F). Root cause: improper validation...

iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.15.02: http://www.idefense.com/advisory/10.15.02.txt DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone October 15, 2002 I. BACKGROUND RadioBird Software's WebServer 4 Everyone is a free "Powerful,...