
4403 matches found

OpenVAS
added 2005/11/03 12:0 a.m. | 16 views

Oracle 9iAS access to SOAP documentation

In a default installation of Oracle 9iAS, it is possible to access SOAP documentation. These files might be useful for an attacker to determine what application server is being used. OpenVAS Vulnerability Test $Id: oracle9isoapdocs.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS...

0.2 AI score
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m. | 35 views

Oracle 9i Application Server SOAP Documentation Accessible - Active Check

In a default installation of Oracle 9i Application Server AS, it is possible to access SOAP documentation. These files might be useful for an attacker to determine what application server is being used. SPDX-FileCopyrightText: 2003 Javier Fernandez-Sanguino Some text descriptions might be excerpt...

5.8 AI score
Exploits: 0 | References: 3

OSV
added 2005/08/30 5:3 p.m. | 4 views

CVE-2005-2654

phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disableanonbind is set, via an HTTP request to login.php with the anonymousbind parameter set...

6.7 AI score
Exploits: 0 | References: 4

Tenable Nessus
added 2005/07/13 12:0 a.m. | 59 views

FreeBSD : php -- multiple vulnerabilities (d47e9d19-5016-11d9-9b5f-0050569f0001)

Secunia reports : Multiple vulnerabilities have been reported in PHP, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

10 CVSS | 7.3 AI score | 0.10042 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2005/06/23 7:19 p.m. | 32 views

Moderate: Red Hat Security Advisory: spamassassin security update

An updated spamassassin package that fixes a denial of service bug when parsing malformed messages is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SpamAssassin provides a way to reduce unsolicited commercial email SPAM from...

5 CVSS | 5.8 AI score | 0.08349 EPSS
Exploits: 0 | References: 4

securityvulns
added 2005/05/03 12:0 a.m. | 35 views

ASP.NET __VIEWSTATE crypto validation prone to replay attacks

Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...

Exploits: 0

securityvulns
added 2005/04/21 12:0 a.m. | 41 views

Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Greetings, There appears to be some deficiencies in both the documentation of the 'md5' authentication methodology in pg_hba.conf and in the md5 hash generation which is stored in pg_shadow. The md5 hash which is generated for and stored in pg_shadow does not use a random salt but instead uses the...

7.2 AI score
Exploits: 0

0day.today
added 2005/04/01 12:0 a.m. | 14 views

BakBone NetVault 6.x/7.x Local Stack Buffer Overflow Exploit

Exploit for unknown platform in category local exploits ============================================================ BakBone NetVault 6.x/7.x Local Stack Buffer Overflow Exploit ============================================================ / for more informations class101.org/netv-locsbof.pdf /...

6.8 AI score
Exploits: 0

securityvulns
added 2005/03/31 12:0 a.m. | 26 views

Multiple XSS issues in Sun AnswerBook2

PTT SECURITY ADVISORY DATE: 08-02-2005 AUTHOR: THOMAS LIAM ROMANIS CURRENT EMPLOYER: Echelon Ltd VENDOR: Sun PRODUCT: Sun AnswerBook2 VERSIONS TESTED: 1.4.4 on Solaris 8.0 Sparc TITLE: Multiple issues in Sun Answerbook2 Full Disclosure. Summary. A number of issues have been identified in Sun...

4.3 CVSS | 0.2 AI score | 0.0172 EPSS
Exploits: 4

Packet Storm
added 2005/03/22 12:0 a.m. | 42 views

serversAlive.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory information: Title: Servers Alive - Privilege Escalation CVE Candidate Number: CAN-2005-0352 Application: Servers Alive Versions known affected: 4.1, 5.0; other versions not tested. Classification: Privilege Escalation Author: Michael Starks...

7.2 CVSS | 6.8 AI score | 0.00387 EPSS
Exploits: 1

CVE
added 2005/03/09 5:0 a.m. | 70 views

CVE-2005-0549

CVE-2005-0549 is a cross-site scripting (XSS) vulnerability in Sun/ Solaris AnswerBook2 Documentation 1.4.4 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the View Log Files function. Affected software is explicitly Sun AnswerBook2 documentation prior to...

4.3 CVSS | 5.6 AI score | 0.0172 EPSS
Exploits: 4 | References: 3 | Affected Software: 1

CVE
added 2005/03/09 5:0 a.m. | 48 views

CVE-2005-0548

Sun AnswerBook2 (Solaris)

4.3 CVSS | 5.6 AI score | 0.01685 EPSS
Exploits: 4 | References: 3 | Affected Software: 1

Tenable Nessus
added 2004/11/23 12:0 a.m. | 30 views

FreeBSD : ez-ipupdate -- format string vulnerability (44)

The following package needs to be updated: ez-ipupdate %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkge69ba632326f11d9b5b7000854d03344.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

6.4 AI score | 0.03818 EPSS
Exploits: 0 | References: 21

Samba
added 2004/11/08 12:0 a.m. | 43 views

Potential Remote Denial of Service

Summary: A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. Patch Availability A patch for Samba 3.0.7 samba-3.0.7-CAN-2004-0930.patch is available from...

5 CVSS | 0.9 AI score | 0.04906 EPSS
Exploits: 1

securityvulns
added 2004/10/16 12:0 a.m. | 35 views

Clientexec Billing Software

Clientexec is a php billing software with a target audience of webhosts. By default there is a file called phpinfo.php in the main clientexec directory. This can be accessed by anyone with a web browser. I looked through the documentation and didn't find any reference to it. I then checked several...

2.2 AI score
Exploits: 0

Tenable Nessus
added 2004/09/24 12:0 a.m. | 31 views

FreeBSD : rssh -- file name disclosure bug (165)

The following package needs to be updated: rssh %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkga4815970c5cc11d88898000d6111a684.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-200...

6.5 AI score | 0.01409 EPSS
Exploits: 0 | References: 20

Tenable Nessus
added 2004/09/14 12:0 a.m. | 25 views

FreeBSD : samba3 DoS attack (174)

The following package needs to be updated: samba3 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkga711de5c05fa11d9a9b200061bc2ad93.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

6.4 AI score | 0.05498 EPSS
Exploits: 0 | References: 21

Tenable Nessus
added 2004/09/14 12:0 a.m. | 31 views

FreeBSD : mpg123 buffer overflow (119)

The following package needs to be updated: mpg123-esound %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg15e0e96302ed11d9a20900061bc2ad93.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

6.5 AI score | 0.04331 EPSS
Exploits: 1 | References: 12

Tenable Nessus
added 2004/08/27 12:0 a.m. | 18 views

FreeBSD : moinmoin -- ACL group bypass (115)

The following package needs to be updated: moinmoin %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg1ecf4ca1f7ad11d896c900061bc2ad93.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

0.1 AI score | 0.02264 EPSS
Exploits: 0 | References: 13

Tenable Nessus
added 2004/08/17 12:0 a.m. | 32 views

FreeBSD : cvs -- numerous vulnerabilities (29)

The following package needs to be updated: FreeBSD %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgd2102505f03d11d881b0000347a4fa7d.nasl. Disabled on 2011/10/01. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

6.4 AI score | 0.13206 EPSS
Exploits: 0 | References: 26