662 matches found
LabVIEW Web Server DoS
GET request with n instead of rn causes server to crash...
CSSearch 2.3 - Remote Command Execution
CSSearch 2.3 - Remote Command Execution source: https://www.securityfocus.com/bid/4368/info csSearch is a website search script, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft operating systems. csSearch is prone to an issue which may enable an attacker to...
Cisco SN 5420 Storage Router vulnerable to DoS via HTTP request containing long headers
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a HTTP request with a large header. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending an HTTP request with a huge...
AOL Instant Messenger 4.x - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/3769/info AOL Instant Messenger AIM is a real time messaging service. The vulnerability exists in the way that AIM parses a game request with a TLV type, length, value type of 0x2711. This type of game request is prone to a buffer overflow which could all...
CVE-2001-1052
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...
CVE-1999-1417
Format string vulnerability in AnswerBook2 AB2 web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged...
Icecast 1.1.x1.3.x - Slash File Name Denial of Service
Icecast 1.1.x1.3.x - Slash File Name Denial of Service source: https://www.securityfocus.com/bid/2933/info Icecast is an open source audio-streaming server for both Unix and Microsoft Windows systems. Icecast does not sufficiently sanitize user-supplied input, or sanely handle unexpected input...
CVE-2001-0264
Gene6 G6 FTP Server 2.0 aka BPFTP Server 2.10 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection...
CVE-2001-0275
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request...
Microsoft ISA Server 2000 Web Proxy - Denial of Service
Microsoft ISA Server 2000 Web Proxy - Denial of Service // source: https://www.securityfocus.com/bid/2600/info It is possible for a user to cause the Web Proxy service on a host running MS ISA Server to stop responding. If a HTTP request with an unusually long path is submitted, the Web Proxy...
Microsoft ISA Server 2000 Web Proxy - Denial of Service
// source: https://www.securityfocus.com/bid/2600/info It is possible for a user to cause the Web Proxy service on a host running MS ISA Server to stop responding. If a HTTP request with an unusually long path is submitted, the Web Proxy service could stop responding. This vulnerability is only...
Oracle Application Server ndwfn4.so HTTP Request Remote Overflow
It may be possible to make a web server execute arbitrary code by sending it a too long url starting with /jsp/ For example: GET /jsp/AAAA.....AAAAA C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10654; scriptversion"1.27"; scriptcvsdate"Date: 2018/07/16 14:09:13";...
Cisco (Multiple Products) - Automated Tool
Cisco Multiple Products - Automated Tool !/usr/bin/perl Written by hypoclear - http://hypoclear.cjb.net Thong-th-thong-th-thong.pl AKA thong.pl is a PERL script which automates several attacks against various Cisco products. To be specific: 12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS...
Cisco Multiple Products Automated Exploit Tool
Exploit for hardware platform in category dos / poc ============================================== Cisco Multiple Products Automated Exploit Tool ============================================== !/usr/bin/perl Written by hypoclear - http://hypoclear.cjb.net Thong-th-thong-th-thong.pl AKA thong.pl i...
CVE-2000-1114
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20"...
CVE-2000-0939
Samba Web Administration Tool SWAT in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart...
CVE-2000-0641
Savant web server allows remote attackers to execute arbitrary commands via a long GET request...
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
Дырка в Sawmill
Специальным образом сконструированный GET-запрос позволяет прочитать первую строчку любого файла, причем приложение запускается от root...
More info on MS00-019
In usual tradition, little information is to be had about the "Virtualized UNC Share" problem talked about in MS00-019. Luckily, MS was nice enough to submit an extra post to Bugtraq to give Adam Coyne credit. Anyways, for those of you interested in the problem, making a request for a file with a...