ACI 4D WebServer Directory traversal.
vendor: http://www.4d.com/ current version: 6.7 tested version: 6.57, others? This directory traversal hole seems to work on ACI 4d webserver running on the NT platform. I would imagine exploitation on a macos box would be similar but would require the proper mac filesystem path to the file yo...
CVE-2001-0557
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' dot dot attack which is URL encoded %2e%2e...
Roxen security alert: URL decoding vulnerable
Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...
CVE-2001-0557
The connected CERT entry details a directory traversal vulnerability in Jana Server versions 1.4x (Windows) where hex-encoded “..” requests are not properly filtered, allowing remote attackers to view any file within the server’s document root with the Jana process privileges. Impact: arbitrary f...
Sambar Server 4.x/5.0 - Insecure Default Password Protection
source: https://www.securityfocus.com/bid/3095/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar Server provides insecure default protection for user passwords. The default password decryption algorithm employs only a single key, built into the serv...
CVE-2001-0385
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory...
Perception LiteServe MS-DOS filename vulnerability
Perception LiteServe http://www.cmfperception.com/liteserve.html is a Web, FTP and e-Mail server for Win. When GET requests are made to LiteServe's webserver with the name of the cgi-bin directory as a MS-DOS directory name eg. cgi-shizznitch=CGI-SH1 and cgi-bin=CGI-BIN, LiteServe will read the...
1C: Arcadia Internet Store 1.0 - Path Disclosure
source: https://www.securityfocus.com/bid/2904/info 1C: Arcadia Internet Store is an online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of the...
Acme.Serve 1.7 - Arbitrary File Access
source: https://www.securityfocus.com/bid/2809/info Acme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer. Acme.Serve 1.7 comes with a webserver that listens on port 9090. This...
Faust Informatics FreeStyle Chat 4.1 SR2 MS-DOS Device Name - Denial of Service
source: https://www.securityfocus.com/bid/2777/info A problem with the chat server makes it possible to deny service to legitimate users. By submitting a request to the webserver including the 'AUX' MS-DOS device name,...
IPC@Chip Security
Sentry Research Labs www.sentry-labs.de.vu product: IPC@Chip Beck GmbH vendor informed: 21st of May status: unanswered Note: The demonstration tool and a German version there is also an English download version of this report is available from our website. Siberian...
CVE-2001-0385
GoAhead WebServer is affected by DoS vulnerabilities in multiple paths. CVE-2001-0385 covers GoAhead WebServer 2.1 where a crafted HTTP request to the /aux directory can crash the daemon. Red Hat CVE-2003-1569 extends this on Windows 95/98/ME, showing that GoAhead WebServer before 2.1.5 can be fo...
CVE-2001-0749
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root...
Beck IPC GmbH IPC@CHIP - TelnetD Login Account Brute Force
source: https://www.securityfocus.com/bid/2771/info The IPC@Chip is a single-chip embedded webserver from Beck GmbH. The device's inbuilt telnetd service may allow a remote user to repeatedly attempt to login to a given account, without...
CVE-2001-1337
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request...
iPlanet 4.1 Web Publisher - Remote Buffer Overflow (2)
source: https://www.securityfocus.com/bid/2732/info iPlanet Webserver is an http server product offered by the Sun-Netscape Alliance. By sending a specially crafted request composed of at least 2000 characters it is possible to cause a buffer...
Advisory for Jana server
Advisory for Jana Webserver Site: http://www.janaserver.de by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0112 /-|=explanation=|- Jana Webserver is well, a webserver. It has a hex-encoded dot dot bug and a denial of service. /-|=who is vulnerable=|- Tested to be...