357 matches found
[SECURITY] [DSA 150-1] New interchange packages fix illegal file exposition
-------------------------------------------------------------------------- Debian Security Advisory DSA 150-1 [email protected] http://www.debian.org/security/ Martin Schulze August 13th, 2002 - -------------------------------------------------------------------------- Package : interchange...
RedHat Interchange 4.8.x - Arbitrary File Read
RedHat Interchange 4.8.x - Arbitrary File Read source: https://www.securityfocus.com/bid/5453/info A vulnerability has been reported for Interchange 4.8.5 and earlier. Reportedly, Interchange may disclose contents of files to attackers. The vulnerability occurs due to the placement of the 'doc'...
DSA-150 interchange - illegal file exposition
Bulletin has no description...
RedHat Interchange 4.8.x - Arbitrary File Read
source: https://www.securityfocus.com/bid/5453/info A vulnerability has been reported for Interchange 4.8.5 and earlier. Reportedly, Interchange may disclose contents of files to attackers. The vulnerability occurs due to the placement of the 'doc' folder. Reportedly, the folder will be installed...
int.exp.txt
First off, great site ! I appreciate all the work you do. I just wanted to send in a quick and dirty perl script to retrieve any file from a server running RedHat's Interchange commerce system. The temp fix for this can be to use ipchains/iptables to block access to the port from outside the...
CVE-2001-0372
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores 1 barry, 2 basic, or 3 construct...
CVE-2001-0372
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores 1 barry, 2 basic, or 3 construct...
CVE-2001-0372
CVE-2001-0372 affects Akopia Interchange versions 4.5.3 through 4.6.3. The vulnerability arises because the installation of demo stores creates a default group account named ":backup" with no password, enabling a remote attacker to gain administrative access via the demo stores using the accounts...
Дырки при установке Interchange (default password)
При установке создаются пользователи с пустыми паролями...
Akopia Interchange E-commerce Package Demo Files Vulnerability
A serious security vulnerability has been found in the default installation of the Interchange demo stores 'barry', 'basic', and 'construct' distributed in Interchange versions 4.5.3 through 4.6.3. Using a group login that had no password set by default, it is possible to log in to the back-end...
CVE-2001-0097
The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service application crash via a large POST request...
CVE-2001-0097
The CVE-2001-0097 entry concerns the Web interface of Infinite Interchange 3.6.1, where remote attackers can trigger a denial-of-service (application crash) by sending a large POST request. The available sources confirm the vulnerable component is the Web interface, and the impact is a partial av...
CVE-2001-0097
The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service application crash via a large POST request...
interchange.txt
Strumpf Noir Society Advisories ! Public release ! -- -= Infinite InterChange DoS =- Release date: Thursday, 21 December, 2000 Introduction: Infinite InterChange is a Win95/98/NT/2k mailserver for organizations that need to expand their network messaging. Infinite InterChange has many functions,...
Infinite InterChange DoS
Strumpf Noir Society Advisories ! Public release ! -- -= Infinite InterChange DoS =- Release date: Thursday, 21 December, 2000 Introduction: Infinite InterChange is a Win95/98/NT/2k mailserver for organizations that need to expand their network messaging. Infinite InterChange has many functions,...
DoS против Interchange
Переполнение буфера при длинном HTTP POST - запросе в WEB-интерфейсе...
PT-2007-7486 · Debian +3 · Debian +3
Name of the Vulnerable Software and Affected Versions: Tcl/Tk versions 8.4.13 through 8.4.15 Description: The issue is related to a buffer overflow in the ReadImage function, which can be exploited by remote attackers using multi-frame interlaced GIF files where later frames are smaller than the...