
809 matches found

Check Point Advisories
added 2009/11/01 12:0 a.m. | 7 views

Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)

Apache Tomcat is an implementation of the Java Servlet and JavaServer pages technologies. The software provides the servlet container used in development and deployment of Java based web applications. Users access Tomcat applications using web browsers that communicate to the server via the HTTP...

CVSS: 5 | AI score: 6.7 | EPSS: 0.9282
Exploits: 24
OpenVAS
added 2009/11/01 12:0 a.m. | 25 views

ePO console Detection

This host is running an ePolicy Orchestrator ePo console. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

AI score: 7.1
Exploits: 0
Check Point Advisories
added 2009/10/26 12:0 a.m. | 3 views

Ipswitch IMail Web Calendaring Arbitrary File Read (CVE-2005-1252)

The Ipswitch IMail Server product contains a variety of server components. These components include POP3, SMTP, IMAP, and a Web Calendaring server. The IMail Web Calendaring server provides functions for users to store schedules, set appointments, and send reminder information using HTTP protocol...

CVSS: 5 | AI score: 6.2 | EPSS: 0.00825
Exploits: 2
Check Point Advisories
added 2009/10/18 12:0 a.m. | 3 views

SHOUTcast Filename Format String - ver 2 (CVE-2004-1373)

SHOUTcast is a free distributed streaming audio system developed by Nullsoft. It is widely used by Internet-based radio stations. The SHOUTcast server implements a subset of the HTTP protocol to communicate with clients. A client-server session starts with the client requesting an audio stream fr...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.86852
Exploits: 8
Check Point Advisories
added 2009/10/18 12:0 a.m. | 3 views

SHOUTcast Filename Format String (CVE-2004-1373)

SHOUTcast is a free distributed streaming audio system developed by Nullsoft. It is widely used by Internet-based radio stations. The SHOUTcast server implements a subset of the HTTP protocol to communicate with clients. A client-server session starts with the client requesting an audio stream fr...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.86852
Exploits: 8
Check Point Advisories
added 2009/10/07 12:0 a.m. | 10 views

Apache Tomcat Directory Listing Information Disclosure (CVE-2006-3835)

Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. The software provides the servlet container used in development and deployment of Java based web applications. Users access Tomcat applications using web browsers that communicate to the server via the HTTP...

CVSS: 5 | AI score: 5.8 | EPSS: 0.51511
Exploits: 8
OpenVAS
added 2009/10/01 12:0 a.m. | 21 views

BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability - Active Check

BigAnt IM Server is prone to a remote buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

CVSS: 10 | AI score: 6.8 | EPSS: 0.8067
Exploits: 2 | References: 1
myhack58
added 2009/08/28 12:0 a.m. | 12 views

Detailed description of SSL and TLS Web Security penetration testing-vulnerability warning-the black bar safety net

If the Web Service of the SSL and TLS Protocol security problem, the consequences will be how? Obviously, in this case the attacker can have all your security information, including user name, passwords, credit card, Bank information...... All in all. This article will give the reader a detailed...

AI score: 6.9
Exploits: 0
OpenVAS
added 2009/08/26 12:0 a.m. | 7 views

ELOG Version Detection

This script finds the running ELOG Version and saves the result in KB. OpenVAS Vulnerability Test $Id: secpodelogdetect.nasl 5877 2017-04-06 09:01:48Z teissa $ ELOG Version Detection Authors: Antu Sanadi Copyright: Copyright c 2009 SecPod, http://www.secpod.com This program is free software; you...

AI score: 0.1
Exploits: 0
Debian CVE
added 2009/07/28 5:0 p.m. | 28 views

CVE-2009-2622

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related t...

CVSS: 5 | AI score: 6.1 | EPSS: 0.26189
Exploits: 0
myhack58
added 2009/06/12 12:0 a.m. | 37 views

For IIS write permissions for the simple analysis-vulnerability warning-the black bar safety net

//Or to be symbolic of a copyright, reproduced, please indicate the b0r3d's blog http://www.b0r3d.org //Last month to the Black hand cast went, people since there is no published, I will send to it, after all the articles of original content is too small, the technical content is not high. Recent...

AI score: 7
Exploits: 0
Packet Storm
added 2009/05/13 12:0 a.m. | 26 views

Zervit 0.4 Traversal / Memory Corruption

Zervit webserver 0.4 Directory Traversal & Memory Corruption By: e.wiZz! & shinnai Site: shinnai.net & balcansecurity.com Memory Corruption import socket host = "127.0.0.1" port = 8080 try: for i in range1,10: buff = "a" 3330 request = "POST " + buff + " HTTP/1.0" connection =...

AI score: 0.7
Exploits: 0
OpenVAS
added 2009/04/26 12:0 a.m. | 27 views

Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability

Zervit HTTP server is prone to a denial of service DoS vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

AI score: 7.2
Exploits: 0 | References: 1
securityvulns
added 2009/02/04 12:0 a.m. | 37 views

Squid cache proxy server DoS

Denial of Service on invalid HTTP protocol version...

CVSS: 5 | AI score: 1.7 | EPSS: 0.77052
Exploits: 8 | References: 1 | Affected Software: 1
myhack58
added 2008/12/12 12:0 a.m. | 13 views

MSN cross-site vulnerability analysis-vulnerability warning-the black bar safety net

As early as a few days ago, heard colleagues say,“friends msn send to a web page, enter the password, the results a few days later, the MSN password is wrong, could be stolen.” At that time also asked colleagues want the address, but he said address not found. A few days later a friend said to se...

AI score: 6.7
Exploits: 0
Prion
added 2008/11/14 7:20 p.m. | 21 views

Heap overflow

Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header...

CVSS: 10 | AI score: 7.1 | EPSS: 0.00399
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2008/11/14 7:0 p.m. | 53 views

CVE-2008-5092

CVE-2008-5092 corresponds to a heap-based buffer overflow in Novell eDirectory’s HTTPSTK (HTTP protocol stack) prior to 8.8 SP3. The NVD entry notes unknown impact and attack vectors tied to the HTTP language header and HTTP content-length header. CVSS v2 base score is 10.0 (AV:N/AC:L/Au:N/C:C/I:...

CVSS: 10 | AI score: 6.3 | EPSS: 0.00399
Exploits: 0 | References: 4 | Affected Software: 1
seebug.org
added 2008/09/01 12:0 a.m. | 18 views

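Multiple security vulnerabilities in Novell eDirectory

CNCAN ID: CNCAN-2008090104 Novell eDirectory is a directory-based identity management system that supports the Lightweight Directory Access Protocol (LDAP). Novell eDirectory has multiple security issues that remote attackers can exploit to carry out cross-site scripting or arbitrary code execution attacks. (1) An unspecified heap-based buffer overflow exists. (2) An unspecified memory corruption issue exists. (3) Improper handling of HTTP "Language" field data can trigger a heap-based buffer overflow. (4) An overly long "Content-Length" field value can trigger a heap-based buffer overflow. (5) Improper filtering of parameters passed to the HTTP protocol stack can lead to arbitrary HTML injection or script code execution in the target user's browser. Novell...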

AI score: 7.1
Exploits: 0
Check Point Advisories
added 2008/08/15 12:0 a.m. | 1 views

Security Best Practice: Familiarize Yourself with the ASCII Only Response Headers Protection

HTTP Protocol Inspection provides strict enforcement of the HTTP protocol, ensuring these sessions comply with RFC standards and common security practices. Various attacks use binary and other non-ASCII characters to deliver worms and other malicious content to web servers...

AI score: 6.9
Exploits: 0
Fedora
added 2007/11/29 1:39 a.m. | 18 views

[SECURITY] Fedora 7 Update: htdig-3.2.0b6-12.fc7

The ht://Dig system is a complete world wide web indexing and searching system for a small domain or intranet. This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Webcrawler and AltaVista. Instead it is meant to cover the search needs for a...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.073
Exploits: 0