266 matches found
IdeaBox include.php ideaDir Parameter Remote File Inclusion
It is possible to make the remote host include PHP files hosted on a third-party server using IdeaBox. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. Ref: Date:...
Sun rpc.cmsd Remote Overflow
The remote Sun rpc.cmsd has an integer overflow problem in xdr_array. An attacker may use this flaw to execute arbitrary code on this host with the privileges rpc.cmsd is running as (typically root) by sending a specially crafted request to this service. This script was written by Xue Yong Zhi. See th...
Mambo Site Server MD5 Hash Session ID Privilege Escalation
The remote installation of Mambo Site Server improperly validates the cookies that are sent back by the user. As a result, a user may impersonate the administrator by using the MD5 value of a received cookie and thereby gain administrative control of the affected application. #%NASL_MIN_LEVEL 70300 ...
Default Password (manager) for 'system' Account
The account 'system' has the password 'manager'. An attacker may use this to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "system"; password = "manager"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11257);...
Enhydra Multiserver Default Password
This system appears to be running the Enhydra application server configured with the default administrator password of 'enhydra'. A potential intruder could reconfigure this service and use it to obtain full access to the system. This script was written by H D Moore. See the Nessus Scripts License...
WarFTPd CWD/MKD Command Overflow
The version of the War FTP Daemon running on this host is vulnerable to a buffer overflow attack. This is due to improper bounds checking within the code that handles both the CWD and MKD commands. By exploiting this vulnerability, it is possible to crash the server. This script was written by Er...
CUPS < 1.1.18 Multiple Vulnerabilities
The remote CUPS server seems vulnerable to various flaws (buffer overflow, denial of service, privilege escalation) that could allow a remote attacker to shut down this service or remotely gain the privileges of the 'lp' user. (C) Tenable Network Security, Inc. This script checks for CVE-2002-1368, b...
MS02-055: Unchecked Buffer in Windows Help Facility Could Enable Code Execution (323255)
The remote host contains a version of the HTML Help facility ActiveX control module that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit it. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
Sendmail 8.6.9 IDENT Remote Overflow
The remote Sendmail server, according to its version number, may be vulnerable to the ident overflow, which allows any remote attacker to execute arbitrary commands as root. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10278); script_version("1.19");...
Omron WorldView Wnn Multiple Command Remote Overflow
It was possible to make the remote Wnn server crash by sending an oversized string to it. (C) Tenable Network Security, Inc. References: http://www.tomo.gr.jp/users/wnn/0008ml/msg00000.html http://online.securityfocus.com/advisories/4413 include("compat.inc"); if (description) { script_id(11108);...
EFTP .lnk File Handling Remote Overflow
The version of EFTP running on the remote host has a remote buffer overflow vulnerability. Issuing the LS command on a maliciously crafted .lnk file results in an overflow. A remote attacker could exploit this to crash the service, or possibly execute arbitrary code. (C) Tenable Network Security,...
Quake 3 Arena Malformed Connection Packet DoS
It was possible to crash the Quake3 Arena daemon by sending a specially crafted login string. An attacker may use this attack to make this service crash continuously, preventing you from playing. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderso...
PHP mime_split Function POST Request Overflow
The remote host is running a version of PHP earlier than 4.1.2. There are several flaws in how PHP handles multipart/form-data POST requests, any one of which could allow an attacker to gain remote access to the system. #%NASL_MIN_LEVEL 70300 This script was written by Thomas Reinke. Modified by H D...
Informix SQL Web DataBlade Module Traversal Arbitrary File Access
The Web DataBlade modules for Informix SQL allow an attacker to read arbitrary files on the remote system by sending a specially crafted request using '../' characters. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Cisco Multiple Devices Unpassworded Account
The remote host appears to be a Cisco router or switch with no password set. This can allow a remote attacker to log in to the device and take control of it. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10754); script_cve_id("CVE-1999-0508"); script_version("1.23");...
cfingerd 1.4 - Format String (2)
source: https://www.securityfocus.com/bid/2576/info A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code. cfingerd queries and logs the remote username of...
Microsoft Outlook 2000 0/98 0/Express 5.5 - Concealed Attachment
source: https://www.securityfocus.com/bid/2260/info Versions of MS Outlook are vulnerable to receiving a hidden, potentially hostile attachment. An arbitrary string of characters, supplied by the sender to the 'subject:' field, will be received and interpreted by vulnerable versions of Outlook as...
Sun Java Web Server bboard Servlet Command Execution
The 'bboard' servlet is installed in /servlet/sunexamples.BBoardServlet. This servlet comes with default installations of Sun Java Web Server and has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server. #%NASL_MIN_LEVEL 70300 (C) Tenable Network...
MS00-036: NT ResetBrowser frame & HostAnnouncement flood patch (262694)
The hotfix for the 'ResetBrowser Frame' and the 'HostAnnouncement flood' has not been applied. The first of these vulnerabilities allows anyone to shut down the network browser of this host at will. The second vulnerability allows an attacker to add thousands of bogus entries in the master browse...
TCP/IP ACK Packet Saturation Remote DoS (stream.c)
It seems it was possible to make the remote server crash using the 'stream' or 'raped' attack. An attacker may use this flaw to shut down this server, thus preventing your network from working properly. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik...