IP Protocols Scan

This plugin detects the protocols understood by the remote IP stack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid14788; scriptversion"1.27"; scriptsetattributeattribute:"pluginmodificationdate",...

FreeBSD : courier-imap -- format string vulnerability in debug mode (26)

The following package needs to be updated: courier-imap %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg616cf823f48b11d89837000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

RPC debug_svc Service In Use

Binary data 1052.prm...

Sendmail < 8.6.8 Long Debug Local Overflow

Binary data 2016.prm...

Sendmail ResrictQueueRun Debug Information Disclosure

Binary data 2027.prm...

courier-imap -- format string vulnerability in debug mode

An iDEFENSE security advisory describes a format string vulnerability that could be exploited when Courier-IMAP is run in debug mode DEBUGLOGIN set...

NETGEAR DG834G unauthorized access

It's possible to switch router to debug mode with unauthorized root access...

NETGEAR DG834G SPECIAL FEATURES

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router....

netgearDG834G.txt

By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode.Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also i found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the router....

Sun Solaris patches may cause passwords to be logged in clear text

Overview Sun Solaris contains a vulnerability in which systems configured as kerberos clients that have specific patches installed may log passwords in clear text. Description Sun Microsystems released patches 112908-12 and 115168-03 to address issues in kerberos. There is a vulnerability in thes...

CVE-2003-0812

Stack-based buffer overflow in a logging function for Windows Workstation Service WKSSVC.DLL allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file "NetSetup.LOG", as demonstrated using the NetAddAlternateComputerName API...

MS Windows XP Workstation Service Remote Exploit (MS03-049)

漏洞描述：Microsoft DCE/RPC服务可以提供网络管理功能，这些功能提供管理用户帐户和网络资源管理的功能。部分网络管理功能在Windows目录下的"debug"子目录会生成调试日志文件。Microsoft Workstation服务在处理日志记录时缺少充分的边界缓冲区检查，远程攻击者可以利用这个漏洞提供超长参数触发缓冲区溢出，以SYSTEM权限在系统上执行任意指令。 日志功能中使用vsprintf在日志文件中生成字符串，日志文件名为"NetSetup.LOG"，其保存在Windows "debug"目录中。...

[Full-Disclosure] Cutenews 1.3 information disclosure

.oO Overview Oo. Cutenews 1.3 information disclosure Discovered on 2003, July, 12th Vendor: CutePHP Cutenews is a powerful and easy for using news management system that use flat files to store its database. It supports comments and archives, search function, image uploading, backup function, IP...

CuteNews 1.3 - Debug Query Information Disclosure

source: https://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the exposure of information returned from a...

CuteNews 1.3 - Debug Query Information Disclosure

CuteNews 1.3 - Debug Query Information Disclosure source: https://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will...

Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit

Exploit for linux platform in category remote exploits ============================================================= Apache modgzip with debugmode = 1.2.26.1a Remote Exploit ============================================================= / \ exploit code for modgzip with debugmode = 1.2.26.1a / ...

Apache mod_gzip (with debug_mode) &lt;= 1.2.26.1a Remote Exploit

No description provided by source. / \ exploit code for modgzip with debugmode = 1.2.26.1a / \ Created by xCrZx crazyeinstein yahoo com /05.06.03/ / \ Tested on RedHat 8.0 Psyche here is target for it, / also tested on FreeBSD 4.7 1.3.19.2a here is no target for it : / \ / / \ / Single mode: \ /...

CVE-2003-0844

modgzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via 1 a symlink attack on predictable temporary filenames on Unix systems, or 2 an NTFS hard link on Windows systems when the...

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these vulnerabilities. Four instances of...

CVE-2003-0777

saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service segmentation fault...