Easy Homepage Creator Vulnerability
AresU Advisory, 18/July/2002. Easy Homepage Creator Vulnerability. Severity: High. Possible to edit member homepage. Systems Affected: Advanced Easy Homepage Creator v1.0, Easy Homepage Creator v1.0. Vendor URL: http://www.easyscripts.co.uk. Vuln Type: It does not use Access Validation to edit homepage...
Sun JavaServer Default Admin Password
The remote host is running the Sun JavaServer. This server has the default username and password of admin. An attacker can use this to gain complete control over the web server configuration and possibly execute commands. This script written by H D Moore. See the Nessus Scripts...
Ipswitch WhatsUp Gold Default Admin Account
This WhatsUp Gold server still has the default password for the admin user account. An attacker can use this account to probe other systems on the network and obtain sensitive information about the monitored systems. Copyright 2001 by H D Moore. See the Nessus Scripts License f...
ping.asp CGI Arbitrary Command Execution
The 'ping.asp' CGI is installed. Some versions allow an attacker to launch a ping flood against the targeted machine or another by entering '127.0.0.1 -l 65000 -t' in the Address field. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Er...
Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure
A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks. This script was written by Matt Moore. See the Nessus Scripts License for details. Changes by Tenable: Revised plugin title...
Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
The remote Compaq Web Management Agent install can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or hide the source of web-based attacks. Written by H D Moore. Changes by Tenable: Revised plugin title, changed family (1/21/2009). include("compat.inc"); if (description)...
Cabletron WebView Administrative Access
This host is a Cabletron switch and is running Cabletron WebView. This web software provides a graphical, real-time representation of the front panel on the switch. This graphic, along with additionally defined areas of the browser interface, allows you to interactively configure the switch, monit...
Cookie vulnerability in Alguest guestbook (PHP)
Alguest is a guestbook programmed in PHP. There is a major flaw in it which enables any user to access the admin panel. The script can be downloaded from http://www.hotscripts.com/cgi-bin/dload.cgi?ID=14105. It has a flaw in which cookie data isn't properly checked for administrator rights usernam...
Network Solutions Rwhoisd Syslog Remote Format String
The remote rwhois daemon is vulnerable to a format string attack when supplied malformed arguments to a malformed request such as %p%p%p. An attacker may use this flaw to gain a shell on this host. Note that Nessus solely relied on the banner version to issue this warning. If you manually patched...
MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing
Overview: The default installation of Apache on MandrakeSoft Mandrake Linux enables directory indexing on directories that may unnecessarily disclose information about the server. Description: MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The...
Network Solutions Rwhoisd -soa Command Remote Format String
The remote rwhois daemon is vulnerable to a format string attack when supplied malformed arguments to a '-soa' request. An attacker may use this flaw to gain a shell on this host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10790); script_version("1.16");...
OS X 10.1 and localized desktop folder still vulnerable
System affected: French, German, Italian and Spanish MacOS X 10.0.x updated to 10.1. Vulnerability: '/Users/admin-login/Desktop' has improper drwxrwxrwx permission. Hi, the problem is now well known and an explanation can be found here: http://securityfocus.org/cgi-bin/archive.pl?id=1&mid=195040...
javascript can write anything to windows98 registry
Here's code from www.4y4y.net:88/ls.html; it can write any value to the Windows 98 registry. Solution: disable JavaScript in Internet Explorer. Tested on IE5.5. Marcin Jackowski --------------------------------------------------------------- script document.write"APPLET HEIGHT=0 WIDTH=0...
LDAP Server NULL Bind Connection Information Disclosure
The LDAP server on the remote host is currently configured such that a user can connect to it without authentication - via a 'NULL BIND' - and query it for information. Although the queries that are allowed are likely to be fairly restricted, this may result in disclosure of information that an...
Teamware Office contains multiple vulnerabilities in LDAP handling code
Overview: The Teamware Office suite contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the...
Directory Pro Traversal Arbitrary File Access
The CGI 'directorypro.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Apache mod_info /server-info Information Disclosure
A remote unauthenticated attacker can obtain an overview of the remote Apache web server's configuration by requesting the URL '/server-info'. This overview includes information such as installed modules, their configuration, and assorted run-time settings. (C) Tenable Network Security, Inc...
Lion Worm Detection
This host seems to be infected by the lion worm, because it has root shells running on extra ports and a copy of SSH running on port 33568. (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(10646); script_version("1.21")...
SlimServe HTTPd ver. 1.1a Directory Traversal
It is possible to view dir. and download files outside of the wwwroot directory. Exploit: http://127.0.0.1/.../ http://127.0.0.1/.../.../directory/file.xxx Solution: disable folder listings (it is enabled by default), which will secure you from viewing dir. outside of the wwwroot dir. But it is stil...
DNS Server Zone Transfer Information Disclosure (AXFR)
The remote name server allows DNS zone transfers to be performed. A zone transfer lets a remote attacker instantly populate a list of potential targets. In addition, companies often use a naming convention that can give hints as to a server's primary application, for instance, proxy.example.com,...