78 matches found
Cobalt Raq3 PopRelayD - Arbitrary SMTP Relay
source: https://www.securityfocus.com/bid/2986/info poprelayd is a script that parses /var/log/maillog for valid pop logins, and based upon the login of a client, allows the person logged into the pop3 service to also send email from the ip address they're accessing the system with. poprelayd...
T. Hauck Jana Server 1.451.46 - Hex Encoded Directory Traversal
T. Hauck Jana Server 1.451.46 - Hex Encoded Directory Traversal source: https://www.securityfocus.com/bid/2703/info It is possible for a remote user to traverse the directories of a host running Jana Server. Submitting a specially crafted URL using hex encoded 'double dot' sequences will reveal...
Hughes Technologies DSL_Vdns 1.0 - Denial of Service
Hughes Technologies DSLVdns 1.0 - Denial of Service source: https://www.securityfocus.com/bid/2700/info It is possible for a remote user to cause a denial of service on a host running DSLVdns. Submitting data to port 6070 and closing the connection before the request is fulfilled, will cause...
SpyNet 6.5 Chat Server - Multiple Connection Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/2701/info Spynet Chat Server is a freely available client-server chat package by Spytech Software. Spynet Chat offers IRC style chat to users of the software package. A problem in the package could allow remote users to crash the chat server. Upon receivi...
GoAhead Web Server 2.1 (Windows) - Denial of Service
source: https://www.securityfocus.com/bid/2607/info The GoAhead Web Server is a freely available, open source software package developed by GoAhead. The GoAhead Web Server offers a multi-platform web server and source code to the community. A problem with the web server makes it possible to deny...
GoAhead Web Server 2.1 (Windows) - Denial of Service
GoAhead Web Server 2.1 Windows - Denial of Service source: https://www.securityfocus.com/bid/2607/info The GoAhead Web Server is a freely available, open source software package developed by GoAhead. The GoAhead Web Server offers a multi-platform web server and source code to the community. A...
WhitSoft SlimServe HTTPd 1.1 - 'GET' Denial of Service
source: https://www.securityfocus.com/bid/2451/info SlimServe HTTPd is a free HTTP Daemon maintained by WhitSoft Development. SlimServe is designed to provide basic HTTP services on the Microsoft Windows platform. A problem in the handling of HTTP GET requests could allow a remote user to deny...
Orange Software Orange Web Server 2.1 - Denial of Service
Orange Software Orange Web Server 2.1 - Denial of Service source: https://www.securityfocus.com/bid/2432/info A remote user can cause a denial-of-service condition in Orange Software Orange Web Server. The attacker could submit a specially crafted GET request via a telnet connection to cause the...
carey internets services commerce.cgi 2.0.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2361/info It is possible for a remote user to gain read access to directories and files outside the root directory of Carey Internet Services Commerce.cgi. Requesting a specially crafted URL composed of '/../%00' along with the known filename or directory...
alex heiphetz Group eZshopper 2.03.0 - Directory Traversal
alex heiphetz Group eZshopper 2.03.0 - Directory Traversal source: https://www.securityfocus.com/bid/2109/info It is possible for a remote user to gain read access to various files that reside within the EZShopper directory. By requesting a specially crafted URL utilizing loadpage.cgi' applicatio...
Apache 1.3 + PHP 3 - File Disclosure
source: https://www.securityfocus.com/bid/2060/info Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known fil...
nathan purciful phpphotoalbum 0.9.9 - Directory Traversal
source: https://www.securityfocus.com/bid/1650/info The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in the value of the "folder" variable it is possible for a...
GWScripts News Publisher 1.0 - author.file Write
GWScripts News Publisher 1.0 - author.file Write source: https://www.securityfocus.com/bid/1621/info It is possible for a remote user to add an author to the author index author.file in GWScripts News Publisher, a web news publisher. This can be done by requesting the following raw HTTP request...
CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)
source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:...
Alt-N MDaemon 2.8.5 - UIDL Denial of Service
source: https://www.securityfocus.com/bid/1366/info A remote user is capable of crashing Alt-N MDaemon 2.8.5.0 by executing the pass command, then the UIDL command and quitting the mail server before the UIDL has returned a response. This must be done before the user is presented with the POP3...
Microsoft IIS 4.0 - UNC Mapped Virtual Host
Microsoft IIS 4.0 - UNC Mapped Virtual Host MS Commercial Internet System 2.0/2.5,IIS 4.0,Proxy Server 2.0,Site Server Commerce Edition 3.0 UNC Mapped Virtual Host Vulnerability source: https://www.securityfocus.com/bid/1081/info If a virtual host root is mapped to a UNC share, a backward slash "...
QuickCommerce 2.5/3.0 / Cart32 2.5 a/3.0 / Shop Express 1.0 / StoreCreator 3.0 Web Shopping Cart - Hidden Form Field
E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source: https://www.securityfocus.com/bid/1237/info Various shopping cart applications use hidden form fields within the...
textcounter.pl 1.2 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2265/info textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of entered characters, it is possible for a remote...