Lucene search
+L

994 matches found

securityvulns
securityvulns
added 2004/06/18 12:0 a.m.28 views

[UNIX] Singapore MD5 Administrative Password Disclosure

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.3AI score
Exploits0
nessus
nessus
added 2004/04/16 12:0 a.m.31 views

CVS Client Traversal Arbitrary File Retrieval

According to its version number, the remote CVS server has a directory directory traversal vulnerability. This could allow a malicious client to read files outside of the CVS root. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12212; scriptversion "1.16";...

5CVSS5.4AI score0.02354EPSS
Exploits0References2
exploitpack
exploitpack
added 2004/04/01 12:0 a.m.14 views

ADA IMGSVR 0.4 - Arbitrary File Download

ADA IMGSVR 0.4 - Arbitrary File Download source: https://www.securityfocus.com/bid/10027/info A vulnerability has been reported in the ImgSvr server software that may allow a remote user to the retrieve arbitrary files from the web server root directory and any subdirectories therein. An attacker...

7.4AI score
Exploits0
freebsd
freebsd
added 2004/02/17 12:0 a.m.37 views

file disclosure in phpMyAdmin

Lack of proper input validation in phpMyAdmin may allow an attacker to obtain the contents of any file on the target system that is readable by the web server...

5CVSS6.2AI score0.09332EPSS
Exploits1References2
securityvulns
securityvulns
added 2004/02/09 12:0 a.m.40 views

ApacheSSL protection bypass

In basic authentication emulation mode it's possible to access server without certificate...

3.6AI score
Exploits0References1Affected Software1
nessus
nessus
added 2004/02/03 12:0 a.m.33 views

phpMyAdmin export.php what Parameter Traversal Arbitrary File Access

There is a bug in the remote version of phpMyAdmin that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user or even execute arbitrary PHP code. Successful exploitation of this issue requires that PHP's 'magicquotesgpc' setting be disabled...

5CVSS6AI score0.09332EPSS
Exploits1References3
packetstorm
packetstorm
added 2003/06/21 12:0 a.m.41 views

consroot.exp

Hi there, here is a fully automated script for getting a root shell using a normal user account and remote-console acces. The Script was written by me based on an article from phrack.com article 53 - hacking forth by mudge ---snip--- --- consroot.exp " puts "\twhere MODE is one of:" puts "\t\tT =...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/06/09 12:0 a.m.32 views

Vulnerability in WWW&FTP SERVER 6.3

ZUD SECURITY TEAM PRESENT bug found by nimber Email : [email protected] Site: www.zudteam.org Application: WWW&FTP SERVER 6.3 Versions: 6.3 and all Platform: Windows Web Site: www.evgenyk78.chat.ru Bug: See any files in system. Exploit: www.server.com/../test.txt or www.server.com/../www/index.h...

2.1AI score
Exploits0
exploitpack
exploitpack
added 2003/06/04 12:0 a.m.12 views

MegaBrowser 0.3 - HTTP Directory Traversal

MegaBrowser 0.3 - HTTP Directory Traversal source: https://www.securityfocus.com/bid/7802/info The MegaBrowser HTTP server component is prone to a file disclosure vulnerability. Directory traversal sequences may be used to break out of the web root directory. Attackers may gain access to files th...

7.4AI score
Exploits0
nessus
nessus
added 2003/06/03 12:0 a.m.22 views

PFTP Cleartext Local Password Disclosure

The remote web server is running PFTP. This software stores the list of user names and passwords in clear text in \Program Files\PFTP\PFTPUSERS3.USR. An attacker with a full access to this host may use this flaw to gain access to other FTP servers used by the same users. C Tenable Network Securit...

5.5AI score
Exploits0
exploitpack
exploitpack
added 2003/02/23 12:0 a.m.12 views

Nuked-klaN 1.3 - Remote Information Disclosure

Nuked-klaN 1.3 - Remote Information Disclosure source: https://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due t...

7.3AI score
Exploits0
nessus
nessus
added 2003/02/03 12:0 a.m.19 views

Tomcat /status Information Disclosure

Requesting the URI '/status' gives information about the currently running instance of the remote web server most likely Apache Tomcat. It also allows anybody to reset the current statistics. A remote attacker can use this information to mount further attacks. This script was written by Vincent...

5.5AI score
Exploits0
securityvulns
securityvulns
added 2002/11/09 12:0 a.m.92 views

Simple Web Server protected files access

URL http://server.com///secret/file allows protected file access...

2AI score
Exploits0References1Affected Software1
exploitdb
exploitdb
added 2002/09/02 12:0 a.m.45 views

SWS Simple Web Server 0.0.3/0.0.4/0.1 - New Line Denial of Service

// source: https://www.securityfocus.com/bid/5664/info SWS Simple Web Server is prone to a denial of service when requests not ending with a newline are received. Remote attackers may exploit this condition to deny access to legitimate users of the web server. / Mon Sep 2 17:45:04 2002 |SaMaN| ak...

7AI score
Exploits0
nvd
nvd
added 2002/08/12 4:0 a.m.16 views

CVE-2002-0763

Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server...

7.5CVSS6.7AI score0.02166EPSS
Exploits0References3
cert
cert
added 2002/08/01 12:0 a.m.13 views

ncompress vulnerable to buffer overflow via long filename

Overview Some versions of ncompress contain a buffer-overflow vulnerability. Description Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters. --- Impact By supplying long filenames to ncompress, an attacker may be able to gain local access to the...

7.6AI score
Exploits0References1
euvd
euvd
added 2002/07/26 4:0 a.m.9 views

EUVD-2002-0778

iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter...

5CVSS6.5AI score0.03192EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2002/06/06 12:0 a.m.8 views

PT-2002-1085

Name of the Vulnerable Software and Affected Versions OpenSSH versions through 8.7 Description The issue allows remote attackers to test whether a certain combination of username and public key is known to an SSH server. This occurs because a challenge is sent only when that combination could be...

5.3CVSS7.8AI score0.05326EPSS
Exploits1References21
securityvulns
securityvulns
added 2002/04/10 12:0 a.m.41 views

Security Update: [CSSA-2002-SCO.14] Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system

To: [email protected] [email protected] [email protected] Caldera International, Inc. Security Advisory Subject: Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system Advisory number: CSSA-2002-SCO.14 Issue date: 2002 April 08 Cross...

0.4AI score
Exploits0
cert
cert
added 2002/02/27 12:0 a.m.16 views

Oracle 9iAS default configuration uses well-known default passwords

Overview Oracle Database Server version 9iAS installs with up to 160 distinct default login accounts. The usernames and passwords for these have been made publicly available and could be used by an attacker to gain access to an Oracle server. Description Depending on the components chosen at...

6.9AI score
Exploits0References1
Rows per page
Query Builder