Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure

source: https://www.securityfocus.com/bid/4235/info Microsoft IIS supports Basic and NTLM authentication. Reportedly, the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also...

CVE-2001-1372

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message...

CVE-2001-1073

Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables 1 APPLPHYSICALPATH, 2 PATHTRANSLATED, and 3 LOCALADDR...

CVE-2001-0829

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message...

Ssdpsrv.exe in WindowsME

By connecting to a computer running Ssdpsrv you are able to crash the Ssdpsrv server. Ssdpsrv.exe is the file that starts the UPnP server on WindowsME boxes. This service comes standard with the WindowsME installation. The Ssdpsrv.exe server is started at boot. Here is the registry entry:...

CVE-2000-1191

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

CVE-2000-1191

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

CVE-2001-1073

Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables 1 APPLPHYSICALPATH, 2 PATHTRANSLATED, and 3 LOCALADDR...

Jakarta Tomcat 3.x/4.0 - Error Message Information Disclosure

source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks...

CVE-2001-1161

Cross-site scripting CSS vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script...

CVE-2001-1084

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message...

Qpopper 4.0.3 **** Fixes Buffer Overflow ****

Qpopper 4.0.3 is available at ftp://ftp.qualcomm.com/eudora/servers/unix/popper/. 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 -- PLEASE UPGRADE IMMEDIATELY Changes from 4.0.2 to 4.0.3: ---------------------------- 1. Don't call SSLshutdown unless we tried to negotiate an SSL...

Netscape Messenging Server POP3 Error Message User Account Enumeration

The remote POP server allows an attacker to obtain a list of valid logins on the remote host, thanks to a brute-force attack. If the user connects to this port and issues the commands : USER 'someusername' PASS 'whatever' the user will then get a different response whether the account...

BRS Webweaver 0.x - FTP Root Full Path Disclosure

source: https://www.securityfocus.com/bid/2676/info BRS WebWeaver is an ftpd and webserver from Blaine Southam. WebWeaver's FTP component has a flaw which can permit a remote user to learn the physcial path to the FTP service's root directory. By submitting the FTP command CD argumented by an...

DGUX lpsched buffer overflow

Hi there! There's a vulnerability in DG's UNIX implementation DGUX, version R4.20MU06 and MU02 ia32 arch. The problem is when a very long, non-existant, printer name is passed to the program lpsched. It tries to format an error message and then the buffer overflow occurs... Data General was told...

DG/UX 4.20 lpsched - 'Error Message' Local Buffer Overflow

// source: https://www.securityfocus.com/bid/2509/info DGUX is the Data General revision of UNIX. It is designed as a solution for Intel systems produced by Data General. A problem in the handling of error messages by the printer scheduler could allow arbitrary execution of code. By placing a...

sfgate-info.txt

Vendor: http://ls6-www.cs.uni-dortmund.de/ir/projects/SFgate/index.html Action: attempted to notify vendor with no response. Description: SFGATE gives sensitive information by allowing one to view a few lines of text from a file via an error message. It looks like a good attempt was made at...

CVE-2000-0973

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated...

CVE-2000-1104

CVE-2000-1104 is a variant of the IIS Cross-Site Scripting vulnerability described in MS00-060 (CVE-2000-0746). The vulnerability affects Microsoft IIS 4.0 and 5.0, where a malicious site can embed scripts in a link to a trusted site, which are returned unquoted in an error message and executed i...

CVE-2000-1104

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 CVE-2000-0746 allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those...