Advisory for MP3Mystic
Advisory for MP3Mystic MP3Mystic is made by mp3mystic.com Site: http://www.mp3mystic.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0117 /-|=explanation=|- MP3Mystic is a webserver that lets a visitor browse your harddrive only showing MP3 files. It is vulnerable to...
Drummond Miles A1Stats 1.0 - a1disp4.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp4.cgi Traversal Arbitrary File Read source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummond Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as...
T. Hauck Jana Server 1.45/1.46 - Hex Encoded Directory Traversal
source: https://www.securityfocus.com/bid/2703/info It is possible for a remote user to traverse the directories of a host running Jana Server. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal arbitrary directories. In addition to revealing directories, this...
Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW)
Summary - New Tektronix Xerox printers have covered up a security through obscurity flaw discovered in November, 1999 with more security through obscurity. The unauthenticated and unfiltered administrator configuration page on the PhaserLink webserver is now located at the URL...
Advisory for GoAhead Webserver v2.1
Advisory for GoAhead Webserver v2.1 GoAhead Webserver is made by GoAhead. Site: http://www.goahead.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0104 /-|=explanation=|- GoAhead is well, a webserver. It has a denial of service. /-|=who is vulnerable=|- Anyone runnin...
Advisory for Xitami 2.4d7, 2.5d4
Advisory for Xitami 2.4d7, 2.5d4 Xitami is made by Imatix. Site: http://xitami.com by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0105 /-|=explanation=|- Xitami is a webserver. It has a denial of service. /-|=who is vulnerable=|- Anyone running Xitami 2.5d4, 2.4d7 and...
Advisory for Viking
Advisory for Viking Viking is made by Robtex. Site: http://www.robtex.com/viking by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0107 /-|=explanation=|- Viking is a webserver. It has a simple hex encoded dot dot bug. /-|=who is vulnerable=|- Tested to be vulnerable: Viki...
PHPSlash 0.5.3 2/0.6.1 - URL Block Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. PHPSlash contains a vulnerability which may disclose files readable to the webserver process on the underlying host to PHPSlash users who can 'edit' URL blocks. Exploitation may result in...
talkback.cgi vulnerability may allow users to read any file
whizkunde security advisory: talkback CGI http://www.whizkunde.org | [email protected] ---------------------------------------------------------- Release date: April 9th 2001 Subject: talkback.cgi security problem Systems affected: UNIX systems running talkback CGI script Vendor:...
Caucho Technology Resin 1.2/1.3 - JavaBean Disclosure
Caucho Technology Resin 1.2/1.3 - JavaBean Disclosure source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside ...
Caucho Technology Resin 1.2/1.3 - JavaBean Disclosure
source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside in a protected directory, '/WEB-INF/classes/'...
Microburst uStorekeeper 1.x - Arbitrary Commands
source: https://www.securityfocus.com/bid/2536/info A vulnerability exists in versions of uStorekeeper Online Shopping System from Microburst Technologies. The script fails to properly validate user-supplied input, allowing remote users to submit URLs containing '/../' sequences and arbitrary...
602Pro Lansuite Denial Of Service 1.0.34
Advisory Name: Lansuite Webserver Denial of Service Discovered: 8th and 23rd of March 2001 Application: 602Pro Lansuite 2000a 1.0.34 - prior versions and possibly 1.0.35 Platform: Windows 2k, 95/98/NT - others unknown Severity: Denial of service from application Credit: [email protected] Vendor...
MS00-086: Webserver file request parsing (277873)
The hotfix for the 'Webserver file request parsing' problem has not been applied. This vulnerability can allow an attacker to execute arbitrary commands through the remote IIS server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10632); script_version("1.47");...
IkonBoard 2.1.7b - Remote File Disclosure
source: https://www.securityfocus.com/bid/2471/info Ikonboard is a perl-based discussion forum script from ikonboard.com. Versions of Ikonboard are vulnerable to remote disclosure of arbitrary files. By adding a null byte to the name of a requested file, the attacker can defeat the script's inbui...
Free Online Dictionary of Computing 1.0 - Remote File Viewing
source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as...
Vulnerability in Resin Webserver
----- Begin Hush Signed Message from [email protected] ----- Vulnerability in Resin Webserver Overview Resin 1.2.2 is a webserver available from http://www.caucho.com and http://java.tucows.com. A vulnerability exists which allows a remote user to break out of the web root using relative path...
Bajie WebServer 0.78/0.90 - Remote Command Execution
Bajie WebServer 0.78/0.90 - Remote Command Execution source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These...
Bajie 0.78 - Arbitrary Shell Command Execution
Bajie 0.78 - Arbitrary Shell Command Execution source: https://www.securityfocus.com/bid/2389/info Arbitrary code contained in a specially crafted URL can be executed on a Unix system running Bajie Webserver. Any arbitrary commands appended to a malicious URL after the ';' will be executed...
Bajie WebServer 0.78/0.90 - Remote Command Execution
source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These uploaded scripts are placed in known destination...