CVE-2002-1484

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems port scan via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error...

WU-FTPD Debug Mode Client Hostname Remote Format String

The remote WU-FTPd server, according to its version number, is vulnerable to a format string attack when running in debug mode. C Tenable Network Security, Inc. Affected: wu-ftpd up to 2.6.1 include"compat.inc"; if description scriptid11331; scriptversion"1.25";...

CVE-2003-1078

The FTP client for Solaris 2.6, 7, and 8 with the debug -d flag enabled displays the user password on the screen during login...

PT-2002-2753 · Php · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 5.4 and earlier Description: The issue allows remote attackers to gain SQL query information by exploiting debugging features that are not properly restricted. This can be achieved by setting the sql debug parameter in...

DB4Web Server Debug Mode TCP Port Scanning Proxy

The DB4Web debug page allows anybody to scan other machines. This could allow a remote attacker to learn more about the internal network layout, which could be used to mount further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: From:[email protected] To:...

CVE-2002-0918

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...

DB4Web 3.43.6 - Connection Proxy

DB4Web 3.43.6 - Connection Proxy source: https://www.securityfocus.com/bid/5725/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. B...

CVE-2002-0856

SQLNET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service crash via certain debug requests that are not properly handled by the debugging feature...

CVE-2002-0918

The vulnerability CVE-2002-0918 affects CGIScript.net csPassword.cgi. The root cause is leakage of the server pathname via debug messages generated on script failure, which can be triggered through a remote attacker using a remove option in the command parameter to cause an error. Impact is expos...

EUVD-2002-0909

CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error...

Sendmail RestrictQueueRun Option Debug Mode Information Disclosure

According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue even if he is not allowed to access those information directly, by running sendmail -q -d0-nnnn.xxx where nnnn & xxx...

CVE-2001-1199

Agora CGI Cross Site Scripting (CVE-2001-1199) affects Agora versions 3.0a–4.0g due to improper input validation in the cart_id parameter when debug mode is on, enabling remote attackers to execute JavaScript in other clients. The vulnerability is documented in multiple sources (e.g., OpenVAS des...

CVE-2001-1199

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cartid parameter...

Multiple Vulnerabilities in CISCO VoIP Phones

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Abstract - -------- The 7900 line of VoIP phones from Cisco contain remote-accessible code which can be exploited to cause a denial of service, and possibly leak information; the phones are also weak in ways that facilitate man-in-the-middle attacks...

Debploit: Microsoft Windows NT/2000 debug API privelege escalation

By connection to PLC port DbgSsApiPOrt it's possible to obtain handler for any process or thread for debugging...

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

CVE-2002-0215

Agora.cgi versions 3.2r through 4.0 in debug mode disclose the full pathname of the agora.cgi file when a non-existent .html file is requested, enabling remote disclosure of server file paths. This is an information disclosure vulnerability in the web application component. The affected component...

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

CVE-1999-1309

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug -d command line option...

CVE-1999-1309

The CVE-1999-1309 entry describes a local privilege escalation in Sendmail via a long value in the debug -d option, enabling root access on affected systems. According to connected sources, this affects Sendmail 8.x prior to 8.6.7 (long debug overflow). The underlying issue is a local overflow tr...