333 matches found
FTP Server root Directory .rhosts File Present
The remote anonymous FTP server has a .rhosts file set in its home directory. An attacker may use it to determine the trust relationships between this server and other hosts on the network. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11566; scriptversion"$Revision:...
Instaboard 1.3 SQL Injection
Affected Product: NetPleasure's Instaboard 1.3 www.netpleasure.com/instaboard/ Vulnerability: Multiple SQL Injection Vulnerabilities. http://server/instaboard/index.cfm?frmid=120AND20u.userid20IN20select20userid20from20users http://server/instaboard/index.cfm?frmid=1&tpcid=120SQL...
Super Guestbook superguestconfig Admin Password Disclosure
The remote server is running Super GuestBook, a set of php scripts to manage an interactive guestbook. An attacker may retrieve the file /superguestconfig, which contains the password of the guestbook administrator as well as other configuration details. %NASLMINLEVEL 70300 C Tenable Network...
PHP-Nuke block-Forums.php subject vulnerabilities
The block-Forums.php file has a vuln if an attacker inserts a malformatted subject to a topic of Splatt Forum. A type of subject is: "scriptalert'bug'";/script The 'alt' tag is closed by " and the other text is normal html. This bug is very bad if a subject is:...
Sambar Server Multiple Script XSS
The Sambar web server comes with a set of CGIs that are vulnerable to a cross-site scripting attack. An attacker may use this flaw to steal the cookies of your web users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: Date: 27 Mar 2003 17:26:19 -0000 From: Gregory Le Bras To:...
Microsoft Windows SMB Registry : Classic Logon Screen
The registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\LogonType is set to 1. It means that users who attempt to log in locally will see the 'new' WindowsXP logon screen which displays the list of users of the remote host. C Tenable Network Security, Inc...
Microsoft Windows SMB Registry : Last Logged User Name Disclosure
The registry key HKLM\Software\Microsoft\Windows NT\WinLogon\DontDisplayLastUserName is not set to 1. It means that users who attempt to log in locally will see the name of the last user who logged in successfully in this computer on the screen. C Tenable Network Security, Inc. include"compat.inc...
Backup Files Disclosure
By appending various suffixes ie: .old, .bak, , etc... to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This plugin uses the data collected ...
CVS pserver Brute Force Access
It was possible to find the public CVS repository of the remote host by searching a list of commonly used passwords and CVS repositories. A remote attacker could exploit this to access or modify sensitive information. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...
Irix Performance Copilot Service Information Disclosure
The service 'IRIX performance copilot' is running. This service discloses sensitive information about the remote host, and may be used by an attacker to perform a local denial of service. This warning may be a false positive since the presence of the bug was not verified locally. C Tenable Networ...
Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access
Cross-Referencing Linux appears to be installed on the remote host. There is a directory traversal vulnerability in the 'v' parameter of the 'source' CGI. A remote attacker could exploit this to read arbitrary files on the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Netscape / iPlanet .perf Remote Information Disclosure
Requesting the URI /.perf gives information about the currently running Netscape/iPlanet web server. This script was written by Sullo [email protected] Changes by Tenable: - Changed family, output formatting 9/2/09 - Revised plugin title 9/18/09 - Replaced URL 6/4/13 include"compat.inc"; ifdescripti...
Microsoft SQL Server Detection (credentialed check)
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid11217; scriptversion"1.157";...
Enhydra Multiserver Default Password
This system appears to be running the Enhydra application server configured with the default administrator password of 'enhydra'. A potential intruder could reconfigure this service and use it to obtain full access to the system. This script was written by H D Moore See the Nessus Scripts License...
Netscape Enterprise Default Administrative Password
This host is running Netscape Enterprise Server. The administrative interface for this web server is using the default username and password of 'admin'. An attacker can use this to reconfigure the web server, cause a denial of service condition, or gain access to this host. %NASLMINLEVEL 70300 Th...
Nortel/Bay Networks/Xylogics Annex Default Password
The remote terminal server has the default password set. This means that anyone who has downloaded a user manual can telnet to it and gain administrative access. If modems are attached to this terminal server, it may allow unauthenticated, remote access to the network. This script was written by...
Bookmark4U and Active PHP Bookmarks Vulnerabilities
Program: Bookmark4U V.1.8.3 website: http://bookmark4u.sourceforge.net/ Vendor status: Informed 30 days ago Problem: Source injection Files affected: inc/dbase.php inc/config.php inc/common.load.php ? Proof of concept: dbase.php?prefix=http://... Solution: The security of the inc/ directory is...
N/X (PHP)
Information: Website: http://nxwcms.sourceforge.net/ Version: 2002 PreRelease 1 Problem: Include file PHP Code/Location: nx/common/cds/menu.inc.php: ... requireonce...
Cross-site Scripting Vulnerability in phpBB 2.0.3
Hello : here is the code ---------------- html body form method="post" name="search" action="http://target/search.php?mode=searchuser" input type="hidden" name="searchusername" value=""/ /form SCRIPT...
Web Server HTTP Method Handling Remote Overflow
It was possible to kill the web server by sending an invalid request with a long HTTP method field. A remote attacker may exploit this vulnerability to make the web server crash continually or possibly execute arbitrary code. C Tenable Network Security, Inc. Script audit and contributions from...