18 matches found
EUVD-2000-0430
Malware in sbrugna...
EUVD-2000-0233
Malware in sbrugna...
EUVD-2001-1056
Malware in sbrugna...
Cobalt Raq3 PopRelayD Arbitrary SMTP Relay Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2986/info poprelayd is a script that parses /var/log/maillog for valid pop logins, and based upon the login of a client, allows the person logged into the pop3 service to also send email from the ip address they're...
CVE-2001-1075
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file...
CVE-2001-1075
The CVE-2001-1075 issue affects the poprelayd script in Cobalt RaQ3 servers prior to version 2.0. The root cause is an input/log injection in the POP login by user path that allows an attacker’s IP to be written into the maillog, effectively bypassing authentication for SMTP relaying. This enable...
poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Hi to all, Poprelayd is a simple script that scan /var/log/maillog for valid pop logins and updates a hash db used by sendmail to permit relaying for those valid pop users, this method is called "Pop-before-smtp". The syslog string searched by the script is in this form for the qpop server /POP...
CVE-2001-1075
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file...
Cobalt Raq3 PopRelayD - Arbitrary SMTP Relay
source: https://www.securityfocus.com/bid/2986/info poprelayd is a script that parses /var/log/maillog for valid pop logins, and based upon the login of a client, allows the person logged into the pop3 service to also send email from the ip address they're accessing the system with. poprelayd...
Cobalt Raq3 PopRelayD - Arbitrary SMTP Relay
Cobalt Raq3 PopRelayD - Arbitrary SMTP Relay source: https://www.securityfocus.com/bid/2986/info poprelayd is a script that parses /var/log/maillog for valid pop logins, and based upon the login of a client, allows the person logged into the pop3 service to also send email from the ip address...
CVE-2000-0431
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files...
CVE-2000-0431
Cobalt RaQ2/RaQ3 systems with FrontPage uploads expose a permissions/ownership misconfiguration that allows bypassing cgiwrap and modifying uploaded files. The issue is documented in CVE-2000-0431 with references in NVD/CVE records and corroborated by OpenVAS/Nessus entries mentioning cgiwrap vul...
CVE-2000-0234
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file...
CVE-2000-0234
CVE-2000-0234 affects the Cobalt RaQ2 and RaQ3 appliances via the default access.conf configuration, which permits remote attackers to view the contents of a ".htaccess" file. The root cause is the default configuration allowing this exposure, leading to partial confidentiality impact. The connec...
Cobalt Networks - Security Advisory - Frontpage
Cobalt Networks -- Security Advisory -- 5.25.2000 Problem: With the current installation of Frontpage on RaQ2 and RaQ3, the ability to write data to other websites hosted on the same RaQ. This is due to a permissioning issue with the 'httpd' user. Description: Thanks to Chris Adams...
Cobalt apache configuration exposes .htaccess
Following some discussion on the cobalt-users list, it seems that this problem affects both the Raq2 and Raq3. It likely affects other cobalt products, but I haven't confirmed it. I verified this on my Raq2. By default, raq-hosted sites expose .htaccess files to the world. The configuration files...
CVE-2000-0234
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file...
Security Advisory -- 03.31.2000
Cobalt Networks -- Security Advisory -- 03.31.2000 Problem: RaQ2 and RaQ3 allow remote users to view the contents of an .htaccess file contained within a public website. Relevant products and architectures Product Architecture Vulnerable Qube1 MIPS No Qube2 MIPS No RaQ1 MIPS No RaQ2 MIPS Yes RaQ3...