5278 matches found
MAILNEWS mailnews.cgi Arbitrary Command Execution
mailnews.cgi is being hosted on the remote web server. Input to the 'address' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands with the privileges of the web server. Please note Nessus only checked for the presence of this CGI, and did not...
New Allaire Security Zone Bulletins Posted
Dear Allaire Customer -- New security issues that may affect Allaire customers have recently come to our attention. Please visit the Security Zone at the Allaire Web site to learn about these new issues and what actions you can take to address them: http://www.allaire.com/security This week we...
TalentSoft Web+ ClientMonitorserver 4.6 - Source Code Disclosure
TalentSoft Web+ ClientMonitorserver 4.6 - Source Code Disclosure source: https://www.securityfocus.com/bid/1722/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. Web+ can be used to display the source code of WML files residing on an NTFS...
Web Application Security Survey
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. disclaimer The opinions, ideas and information expressed in the following text are my...
webmail.txt
-Web Application Security Survey- Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all currently vulnerable to web based attack. disclaimer The opinions, ideas and information expressed in the following text are my...
FS-072800-9-BEA.txt
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic force handlers show code vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072800-9-BEA Release Date: July 28, 2000 Product: WebLogic...
ISS ICEcap Default Password
The ICEcap package has a default login of 'iceman' with no password. An attacker may use this fact to log into the console and/or push false alerts on port 8082. In addition to this, an attacker may inject code in ICEcap v2.0.23 and below. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Than...
allmanage.pl.txt
Allmanage.pl vulnerability 13 may 2000 Websites using 'Allmanage Website Administration Software 2.6 WITH the upload ability', and maybe earlier versions , contain a vulnerability wich gives you full add/del/change access in the user-account directories and you can change the files in the main...
CVE-1999-0665
An application-critical Windows NT registry key has an inappropriate value...
CVE-1999-0665
An application-critical Windows NT registry key has an inappropriate value...
CVE-1999-0664
An application-critical Windows NT registry key has inappropriate permissions...
Sun Java Web Server 1.1 Beta - Viewable .jhtml Source
source: https://www.securityfocus.com/bid/1891/info A vulnerability exists in Sun Microsystems' JavaWebServer for Win32, version 1.1Beta. JavaWebServer is a Java-oriented web application development platform. If a URL is submitted requesting a .jhtml file an HTML document with embedded Java sourc...
AIX lquerylv - Local Buffer Overflow / Local Privilege Escalation
include include include char prog100="/usr/sbin/lquerylv"; char prog230="lquerylv"; extern int execv; char createvarchar name,char value char c; int l; l=strlenname+strlenvalue+4; if ! c=mallocl perror"error allocating";exit2;; strcpyc,name; strcatc,"="; strcatc,value; putenvc; return c; /The...
CVE-2022-36827
...
CVE-2022-40553
...
CVE-2023-39849
...
CVE-2021-41857
...
Bing Bar MASP 4-5
...