333 matches found
Sendmail mail from/rcpt to Pipe Arbitrary Command Execution
The remote SMTP server did not complain when issued the command: MAIL FROM: root@thishost RCPT TO: |testing. This probably means that it is possible to send mail directly to programs, which is a serious threat, since this allows anyone to execute arbitrary commands on this host. This security hol...
WinGate Telnet Proxy localhost Connection Saturation DoS
The remote Wingate service can be forced to connect to itself continually until it runs out of buffers. When this happens, the telnet proxy service will be disabled. An attacker may block your telnet proxy this way, thus preventing your system from working properly if you need telnet. An attacker...
O'Reilly WebSite uploader.exe Arbitrary File Upload
The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's Website product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI scripts and then execute them.
Anonymous FTP Writable root Directory
It is possible to write on the root directory of the remote anonymous FTP server. This allows an attacker to upload arbitrary files which can be used in other attacks, or to turn the FTP server into a software distribution point.
Multiple Mail Server EXPN/VRFY Information Disclosure
The remote SMTP server answers to the EXPN and/or VRFY commands. The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account. Your mailer should not allow remote users to u...
Finger Recursive Request Arbitrary Site Redirection
The remote finger service accepts redirect requests. That is, users can perform requests like: finger user@host@victim. This allows an attacker to use this computer as a relay to gather information on a third-party network. In addition, this type of syntax can be used to create a denial of servic...
WFTP Unpassworded Guest Account
The remote FTP server accepts any user/password combination. This can allow remote attackers to access the FTP account, which can lead to information disclosure and uploads of arbitrary files on the remote host.
HylaFAX faxsurvey Arbitrary Command Execution
The 'faxsurvey' CGI does not sanitize input to the query string. A remote attacker could exploit this to execute arbitrary commands.
Echo Service Detection
The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial-of-service attacks against this host.
Detectoid Exchange Server 2007 IRS Premium
...
Forefront Japanese Detectoid
Detectoid for Forefront Japanese Language...
Detectoid for Microsoft Office Communications Server 2007 R2, Response Group Service
Detectoid for Microsoft Office Communications Server 2007 R2, Response Group Service...
Detectoid for Microsoft Office Communications Server 2007 R2, Conferencing Attendant
Detectoid for Microsoft Office Communications Server 2007 R2, Conferencing Attendant...