381 matches found
3Com OfficeConnect DSL Router 812 1.1.7840 1.1.7 - HTTP Port Router Denial of Service
// source: https://www.securityfocus.com/bid/2721/info OfficeConnect 812 is a DSL router manufactured by 3Com, and distributed by numerous DSL providers. OfficeConnect 812 is an integrated ADSL router with an...
Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities
The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) script_id(10712...
New command execution vulnerability in myPhpAdmin
--/ Product: phpMyAdmin versions = 2.2.0rc3 --/ Problem: Arbitrary remote command execution --/ Severity: High --/ Author: Carl Livitt carl AT ititc DOT com --/ Date: 31 July 2001 ---------------------------------------------- History ------- Further to the excellent research done by Shaun Clowes...
Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)
/ qitest1's security advisory 002 / Buffer Overflow in GazTek HTTP Daemon v1.4 ghttpd +Systems Affected Any system running GazTek HTTP Daemon v1.4 ghttpd +Program Description ghttpd is a small and easy to configure HTTP server with CGI support, tested on Linux. It can run as a standalone daemon o...
ROADS search.pl form Parameter Traversal Arbitrary File Access
The 'search.pl' CGI from ROADS is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
sendtemp.pl - Read Access to Files
#!/usr/bin/perl -w sendtemp.pl: A part of the Amaya Web development server contains a file disclosure vulnerability, which allows remote, read access to files on the server's file system, as whichever user the httpd is running as. The vulnerability is really quite simple. When the templ argument i...
tdhttp transversal bug
-=-=-=-=-= UkR security team - advisory n0. 7 =-=-=-=-=- tdhttp transversal bug -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: 07.02.2001 Problem: possibility of arbitrary file retrieval and directory listing on remote host, running tdhttp http.c, probably all its versions...
wwwwais QUERY_STRING Parameter Remote Overflow
The 'wwwwais' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc');...
Technote main.cgi filename Parameter Traversal Arbitrary File Access
The technote CGI board is installed. This board has a well known security flaw in the CGI main.cgi that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc');...
Two security flaws in Bajie Webserver
More junk brought to you by the MDMA Crew www.mdma.za.net Two security flaws in the Bajie Webserver Bajie is a freeware HTTP daemon written in Java and available from TuCows. We found two vulnerabilities in it... The sample Java servlet at /servlet/test/pathInfo/test gives away a real path eg...
fastrack.remote.txt
Greetings, OVERVIEW A vulnerability in Netscape FastTrack 2.01a will allow any remote user to execute commands as the user running the httpd daemon probably nobody. This service is running by default on a standard UnixWare 7.1 installation. BACKGROUND I've only tested the version of Netscape...
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the HTTP daemon (usually root or nobody). #%NASL_MIN_LEVEL 70300 This script was written by Mathieu Perrin. See the Nessus Scripts License for details...
Matt Wright guestbook.pl Arbitrary Command Execution
The 'guestbook.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon (root or nobody). #%NASL_MIN_LEVEL 70300 This script was written by Mathieu Perrin. See the Nessus Scripts License for details. Changes by Tenable: ...
CVE-1999-0267
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution...
CVE-1999-0267
CVE-1999-0267 refers to a buffer overflow in the NCSA HTTP daemon v1.3 that enables remote command execution. Connected sources corroborate that the affected component is the NCSA HTTP daemon (version 1.3) and describe the vulnerability as a buffer overflow issue in handling requests. The Red Hat...
IRIX pfdispaly Arbitrary File Access
The 'pfdispaly' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc');...
IRIX handler CGI Arbitrary Command Execution
The 'handler' CGI is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Multiple Vendor info2www CGI Arbitrary Command Execution
The 'info2www' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc');...
PT-1997-1115 · Ncsa · Ncsa Http Daemon
Name of the Vulnerable Software and Affected Versions: NCSA HTTP daemon version 1.3 Description: A buffer overflow issue in the NCSA HTTP daemon allows remote command execution. Recommendations: For version 1.3, update to a newer version that contains a fix for this issue...