8820 matches found
unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
0 Preface Now that most bugs in isakmpd that allowed for unauthorized SA deletion are "fixed", it's time to release some information on racoon. By the way: About 5 months ago I tried to contact the KAME developers. 1 Description racoon, KAME's IKE daemon, contains some flaws, that allow for...
phpGedView 2.65 beta 5 - Multiple Vulnerabilities
phpGedView 2.65 beta 5 - Multiple Vulnerabilities phpGedView Multiple Vulnerabilities Vendor: phpGedView Product: phpGedView Version: = 2.65 beta 5 Website: http://phpgedview.sourceforge.net Description: The phpGedView project parses GEDCOM 5.5 genealogy files and displays them on the Internet in...
multiple payload handling flaws in isakmpd, again
0 Preface On 2003/11/06 a bug fix for a payload handling flaw in isakmpd described in http://securityfocus.com/archive/1/343173 was committed to CVS. Other payload handling flaws, which were not presented on a silver platter, but only mentioned in side notes, still remain unfixed. This posting wi...
CGI bugs
No description provided...
CVE-2003-0833
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname...
[NEWS] Multiple Payload Handling Flaws in ISAKMPd
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)
According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential. %NASLMINLEVEL 70300 C Tenable...
TRACKtheCLICK Script Injection Vulnerabilities
Scripts4webmasters.com TRACKtheCLICK Script Injection Vulnerabilities Discovered By Chris Rahm aka: BrainRawt [email protected] About TRACKtheCLICK: -------------------- A perl coded CGI that tracks your email, ezine, banner, and web site links. TRACKtheCLICK outputs log information to a data...
[Full-Disclosure] exploiting fortigate firewall through webinterface
Issue: Several vulnerabilities in web interface of Fortigate firewall of which the most serious one will allow a remote attacker to obtain a username and password of the Fortigate. Release: pre 2.50 maintenance release 4 Fixed in: Fortinet OS 2.50 MR4, available from FTP as of 29 Sept. 2003 Date:...
TCLHttpd Server - Multiple Vulnerabilities
Released Date 09/23/2003 TITLE ===== TCLHttpd 3.4.2 - Multiple Vulnerabilities DESCRIPTION =========== "TclHttpd is used both as a general-purpose Web server, and as a framework for building server applications. It implements Tcl http://www.tcl.tk, including the Tcl Resource Center and Scriptics'...
minihttp.txt
Minihttpserver 1.x Host Engine Flaws Url: http://www.minihttpserver.net + File-Sharing for NET: "File Sharing for net is a complete, secure web server that shares your business documents and files over the web: remote users only need browsers to view your files. Share, transfer files securely wit...
Advisory 02/2003: emule/xmule/lmule vulnerabilities
e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: eMule/lmule/xmule multiple remote vulnerabilities Release Date: 2003/08/17 Last Modified: 2003/08/17 Author: Stefan Esser [email protected] Application: eMule = 0.29c xmule = 1.4.3, = 1.5.6a lmule = 1.3.1 Severity: Several...
phpWebSite < 0.9.x Multiple Vulnerabilities
There are multiple flaws in the remote version of phpWebSite that may allow an attacker to gain the control of the remote database, or to disable this site entirely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
IIS 6.0 Web Admin Multiple vulnerabilities
Hi, last week I installed Windows 2003 for the first time Enterprise edition and Web Server edition. My first objective was to check the security in the IIS 6.0 and of course my target was the Web Admin interfacethat comes with a lot of ASP's to play with ;- Some flaws were detected, the vendor h...
Weaknesses in MIT magic cookie and XDM X Windows authorization
Overview MIT magic cookie and XDM authorization contain vulnerabilities that could allow remote attackers to connect to X displays. Description Two widely used X Window System authorization schemes have weaknesses in their sample implementations. MIT-MAGIC-COOKIE-1 On some systems built without t...
phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures
phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures -------------------- Product: phpMyAdmin Vendor: phpMyAdmin Development Team Versions: VULNERABLE - 2.5.2 CVS in Development - 2.5.x - 2.4.x - 2.3.x - 2.2.x - 2.1.x - 2.0.x - 1.x.x NO...
CesarFTP Multiple Vulnerabilities (OF, File Access, more)
The remote host is running CesarFTP, an FTP server for Windows systems. There are multiple flaws in this version of CesarFTP that could allow an attacker to execute arbitrary code on this host, or simply to disable this server remotely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Spyke Multiple Remote Vulnerabilities
The remote host is using Spyke - a web board written in PHP. This board stores vital information in the file info.dat, which can be downloaded by anyone. This file contains the name of the administrator of the website, as well as its password. Another flaw lets an attacker download information...
rot13sj.cgi Arbitrary File Access
The remote host is running the CGI 'rot13sj.cgi'. This CGI contains various flaws which may allow a user to execute arbitrary commands on this host and to read aribrary files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: http://www.geocities.com/sjefferson101010/ link is broken...
PT-2003-1559 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.11 and earlier Description: The issue is related to multiple integer overflow vulnerabilities. These vulnerabilities can be exploited by remote attackers to cause a denial of service and possibly execute arbitrary code...