2149 matches found
CVE-2001-0804
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. dot dot attack on the "next" parameter...
CVE-2001-0804
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. dot dot attack on the "next" parameter...
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
By requesting : GET /cgi-bin/story.pl?next=../../../filetoread%00 An attacker may use this flaw to read arbitrary files on this server. %NASLMINLEVEL 70300 This script was written by Georges Dagousset See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title 1/13/2009 ...
Weaknesses in the SSH protocol simplify brute-force attacks against passwords typed in an existing SSH session
Overview There is a vulnerability in the SSH protocol that can simplify brute force attacks against passwords typed within an existing SSH session. Description Researchers at the University of California at Berkeley have determined that by monitoring the delays between SSH packets transmitted...
QDAV-2001-7-3
Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...
Interactive Story File Disclosure Vulnerability
Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...
Security Bulletin (MS01-003)
---------------------------------------------------------------------- Title: Patch Available for Winsock Mutex Vulnerability Date: 24 January 2001 Software: Microsoft Windows NT 4.0 and Windows NT 4.0 TSE Impact: Denial of Service Bulletin: MS01-003 Microsoft encourages customers to review the...
CVE-2000-0922
CVE-2000-0922 affects Bytes Interactive Web Shopper shopper.cgi (2.0 and earlier). The vulnerability is a directory traversal via the newpage parameter (.. attack), enabling remote attackers to read arbitrary files on the web server. Multiple sources (NVD, CVE listings, Nessus/OpenVAS entries) co...
CVE-2000-0922
Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program shopper.cgi 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack on the newpage parameter...
CVE-2000-0922
Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program shopper.cgi 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack on the newpage parameter...
Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
October 8, 2000 Security Advisory: Bytes Interactive's Web Shopper shopper.cgi Directory Traversal Vulnerability Affected Product/Versions: Bytes Interactive's Web Shopper shopper.cgi Version 1.0 Bytes Interactive's Web Shopper shopper.cgi Version 2.0 Affected Platforms: Unix Windows Overview: Th...
Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access
The remote host contains is running Byte's Interactive Web Shopper, a shopping cart application. The installed version allows for retrieval of arbitrary files from the web server. %NASLMINLEVEL 70300 This script was written by Thomas Reinke See the Nessus Scripts License for details Changes by...
Bytes interactive Web shopper 1.02.0 - Directory Traversal
Bytes interactive Web shopper 1.02.0 - Directory Traversal source: https://www.securityfocus.com/bid/1776/info Bytes Interactive Web Shopper is a XML based shopping cart application. The "newpage" variable does not properly check for insecure relative paths such as the double dot "..". The...
Bytes interactive Web shopper 1.0/2.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1776/info Bytes Interactive Web Shopper is a XML based shopping cart application. The "newpage" variable does not properly check for insecure relative paths such as the double dot "..". The following URL request:...
Microsoft Windows NT 4.02000 - Spoofed LPC Request (MS00-003)
Microsoft Windows NT 4.02000 - Spoofed LPC Request MS00-003 source: https://www.securityfocus.com/bid/1753/info This vulnerability is a new variation of the NT LPC Privilege Escalation Vulnerabilty please see https://www.securityfocus.com/bid/934 for details reported on January 12, 2000 by...
CVE-1999-0408
Files created from interactive shell sessions in Cobalt RaQ microservers e.g. .bashhistory are world readable, and thus are accessible from the web server...
CVE-1999-0159
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt such as a login. This applies to some IOS 9.x, 10.x, and 11.x releases...
CVE-1999-0159
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt such as a login. This applies to some IOS 9.x, 10.x, and 11.x releases...
CVE-1999-0159
The CVE-1999-0159 entry maps to Cisco IOS 9.x–11.x devices where an attacker who can reach an interactive prompt (e.g., login) can cause a crash, degrading availability. Affected component is Cisco IOS; root cause described as a crash when a prompt is accessible, with no additional exploitation d...
Microsoft Windows NT 4.0 - DCOM Server
Microsoft Windows NT 4.0 - DCOM Server source: https://www.securityfocus.com/bid/624/info It is possible for a local user to modify how DCOM servers are run, thereby escalating his/her privilege level. The Interactive User has write permissions to the DCOM registry entries. By editing the registr...