9808 matches found
Microsoft Internet Explorer 4.x/5 / Outlook 2000 0/98 0/Express 4.x - ActiveX .CAB File Execution
Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 4, Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4, Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4, Internet...
ie5.javascript.redirect.txt
IE 5.0 allows reading local and from any domain files and window spoofing using HTTP redirection to "javascript:" Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is n...
activeX.file.system.object.txt
Date: Thu, 11 Feb 1999 17:37:18 -0500 From: Gary Geisbert To: [email protected] Subject: Using FSO in ASP to view just about anything This active server page opens the FileSystemObject and streams the contents of the file specified in the "file" parameter. The problem with FSO is...
msie.5.dhtml.cuartango.txt
Date: Wed, 24 Mar 1999 12:11:09 +0100 From: Juan Carlos Garcia Cuartango To: [email protected] Subject: IE 5 security vulnerabilities Greetings, Microsoft delivers with IE 5 an Active X control called "DHTML Edit control Safe for Scripting for IE 5". In my opinion this control IS N...
tcp.md5.router.dos.txt
Date: Mon, 14 Jun 1999 14:29:54 -0400 From: Craig Metz To: [email protected] Subject: TCP MD5 option problem I was implementing the RFC 2385 "Protection of BGP Sessions via the TCP MD5 Signature Option" option in the OpenBSD stack. For those who don't know the significance of this option, it i...
Multiple Unix Netstat Service Remote Information Disclosure
The remote host is running a 'netstat' service on this port. The 'netstat' service provides useful information to an attacker, since it gives away the state of the active connections. It is recommended that you disable this service if you do not use it. (C) Tenable Network Security, Inc. include...
Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA
source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...
Microsoft IIS 4.0 / Microsoft Site Server 3.0 - Showcode ASP
source: https://www.securityfocus.com/bid/167/info A sample Active Server Page (ASP) script installed by default on Microsoft's Internet Information Server (IIS) 4.0 gives remote users access to view any file on the same volume as the web server that is readable by the web server. IIS 4.0 installs a...
CVE-1999-1375
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter...
Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files
source: https://www.securityfocus.com/bid/230/info The File System Object (FSO) may be called from an Active Server Page (ASP) to display files that exist outside of the web server's root directory. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this synta...
PT-1999-1245 · Rlogin +1 · Rlogin +1
Name of the Vulnerable Software and Affected Versions: rsh/rlogin affected versions not specified Description: The issue is related to the rsh/rlogin service being active. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-1999-1234 · Unknown · Ident/Identd
Name of the Vulnerable Software and Affected Versions: ident/identd affected versions not specified Description: The issue concerns the ident/identd service being active. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this...
PT-1999-1231 · Rexec · Rexec
Name of the Vulnerable Software and Affected Versions: rexec affected versions not specified Description: The issue is related to the rexec service being active. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-1999-1230 · Sun · Rpc.Sprayd
Name of the Vulnerable Software and Affected Versions: rpc.sprayd affected versions not specified Description: The issue is related to the rpc.sprayd service being active. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-1999-1243 · Uucp · Uucp
Name of the Vulnerable Software and Affected Versions: UUCP affected versions not specified Description: The issue is related to the UUCP service being active. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-1998-1098 · Microsoft +1 · Internet Explorer +1
Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Netscape Navigator affected versions not specified Description: A configuration in web browsers allows the execution of active content, including ActiveX, Java, and Javascript. Recommendations...
PT-1997-1112 · Microsoft · Iis
Name of the Vulnerable Software and Affected Versions: IIS version 3.0 Description: The issue allows remote intruders to read source code for ASP programs. This is achieved by using a %2e instead of a . (dot) in the URL. Recommendations: For IIS version 3.0, apply the necessary configuration change...
DUO-PSA-2020-002: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2020-002 Publication Date: 2020-04-28 Revision Date: 2020-04-28 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Engineering has identified and fixed an issue with directory sync for on-premises Microsoft Active Directory, OpenLDAP, and...