Lucene search
K

5278 matches found

Tenable Nessus
Tenable Nessus
added 2003/07/21 12:0 a.m.30 views

AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc)

The remote host is running AtomicBoard, a weblog and message board system written in PHP. A directory traversal vulnerability exists in the 'location' parameter of the 'index.php' file. An attacker could exploit this in order to read arbitrary files subject to the privileges of the web server...

5.5AI score
Exploits0References1
securityvulns
securityvulns
added 2003/07/18 12:0 a.m.44 views

eStore SQL Injection Vulnerability & Path Disclosure

1ndonesian Security Team 1st http://bosen.net/releases/ ============================================================== Security Advisory Advisory Name: eStore SQL Injection Vulnerability & Path Disclosure Release Date: 07/15/2003 Application: eStore 1.0.1 eStore 1.0.2 eStore 1.0.2b Platform: PHP...

8.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/06/11 12:0 a.m.94 views

Lucent VitalNet VsSetCookie.exe Unauthorized Access

The VsSetCookie.exe CGI exists on the remote web server. Some versions of this file have an unauthorized access vulnerability. Making a request similar to : http://www.example.com/cgi-bin/VsSetCookie.exe?vsuser= will result in full access if a valid username is provided. Please note Nessus solely...

7.5CVSS5.6AI score0.07414EPSS
Exploits1References2
securityvulns
securityvulns
added 2003/05/23 12:0 a.m.27 views

CGI bugs

No description provided...

1.4AI score
Exploits0References5Affected Software4
securityvulns
securityvulns
added 2003/05/16 12:0 a.m.29 views

OneOrZero Security Problems (PHP)

Informations : °°°°°°°°°°°°°° Website : http://www.oneorzero.com Version : 1.4 rc4 Problems : - SQL Injection - Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° supporter/tupdate.php : -------------------------------------------------------------------------- if$groupid == 'change' $sql =...

Exploits0
Tenable Nessus
Tenable Nessus
added 2003/03/27 12:0 a.m.59 views

Horde IMP mailbox.php3 Multiple Parameter SQL Injection

The remote server is running IMP, a web-based mail client. There is a bug in the installed version which allows an attacker to perform a SQL injection attack using the 'actionID' parameter of the 'mailbox.php3' script. An attacker may use this flaw to gain unauthorized access to a user mailbox or...

7.5CVSS5.5AI score0.27971EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2003/02/17 12:0 a.m.148 views

PHP-Nuke Detection

The remote host is running a copy of PHP-Nuke. Given the insecurity history of this package, the Nessus team recommends that you do not use it but use something else instead, as security was clearly not in the mind of the persons who wrote it. The author of PHP-Nuke Francisco Burzi even started t...

10CVSS5.5AI score0.08245EPSS
Exploits6References11
Exploit DB
Exploit DB
added 2003/01/14 12:0 a.m.19 views

vAuthenticate 2.8 - SQL Injection

source: https://www.securityfocus.com/bid/6605/info A vulnerability has been discovered in vAuthenticate. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages. An...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.25 views

CVE-2002-2326

The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic...

5CVSS6.9AI score0.01275EPSS
Exploits0References4
exploitpack
exploitpack
added 2002/10/10 12:0 a.m.10 views

PHPRank 1.8 - add.php Cross-Site Scripting

PHPRank 1.8 - add.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5945/info phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems. It has been reported that phpRank is vulnerable to cross-site scripting...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/17 12:0 a.m.24 views

DB4Web 3.4/3.6 - File Disclosure

source: https://www.securityfocus.com/bid/5723/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. A directory traversal bug exists i...

7.4AI score
Exploits0
CVE
CVE
added 2002/07/26 4:0 a.m.43 views

CVE-2002-0752

Technical details for CVE-2002-0752 are not publicly provided in the supplied documents. Monitor for updates from connected sources to obtain affected product/version, impact, or remediation information.

5CVSS6.2AI score0.02048EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2002/06/26 12:0 a.m.972 views

Web Server Directory Enumeration

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not. This plugin was written by H D Moore Changes by Tenable: - Revised plugin title...

6.4CVSS5.7AI score0.02144EPSS
Exploits1References1
CVE
CVE
added 2002/06/25 4:0 a.m.58 views

CVE-2001-1322

The CVE-2001-1322 issue concerns xinetd up to version 2.1.8 (and earlier) running with a default umask of 0, allowing local users to read or modify files created by processes started by xinetd that don’t set a safe umask. Public sources in the connected docs identify this as a local-privilege ris...

3.6CVSS6.2AI score0.00363EPSS
Exploits0References8Affected Software1
exploitpack
exploitpack
added 2002/05/28 12:0 a.m.10 views

Image Display System 0.8.1 - Directory Existence Disclosure

Image Display System 0.8.1 - Directory Existence Disclosure source: https://www.securityfocus.com/bid/4870/info IDS Image Display System is an web based photo album application written in Perl. IDS is freely available and is maintained by Ashley M. Kirchner. Users can confirm the existence and...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/05/28 12:0 a.m.28 views

Image Display System 0.8.1 - Directory Existence Disclosure

source: https://www.securityfocus.com/bid/4870/info IDS Image Display System is an web based photo album application written in Perl. IDS is freely available and is maintained by Ashley M. Kirchner. Users can confirm the existence and location of various directories residing on the IDS host. This...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/11/14 12:0 a.m.27 views

Атаки на подбор идентификаторов сеансов (Session ID bruteforce)

No description provided...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2001/08/16 12:0 a.m.28 views

webridge application suite gives up too much error information on Internal Server Error

Hi. I accidently come across this error yesterday. Im not sure what to class it as but it sure is a bug of some kind. This occurred because I tried to view some pages on the site and forgot to remove the trailing slash so it had // at the end of the URL. Still it should not give up this informati...

Exploits0
Tenable Nessus
Tenable Nessus
added 2001/06/15 12:0 a.m.19 views

BroadVision One-To-One Enterprise Nonexistent JSP Request Path Disclosure

BroadVision reveals the physical path of the webroot when asked for a nonexistent .jsp file if it is configured incorrectly. While displaying errors is useful for debugging applications, this feature should not be enabled on production servers. A remote attacker could use this information to moun...

5CVSS5.4AI score0.01448EPSS
Exploits1References2
security_vulns
security_vulns
added 2001/05/12 12:0 a.m.28 views

File locking and security

Topic : File locking and security Author : 3APA3A Affected software : Windows NT 4.0, Windows 2000 and may be another systems Exploitable : Yes Remotely exploitable : No Category : Design flaw Background: Application can lock the file after file description is open by application or in open call...

0.2AI score
Exploits0
Rows per page
Query Builder