257 matches found
Directory traversal
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." dot dot sequences in the username field...
CVE-2002-2036
Sun Ray Server Software (SRSS) 1.3 with Non-Smartcard Mobility (NSCM) enabled is affected. The issue allows remote attackers to log in as another user by running dtlogin on a system with XDMCP client support, indicating a network-exposed authentication bypass via XDMCP/X11 components. The core de...
JBoss application server information leak
Insufficient request validation allows an attacker to obtain server installation, configuration and version information...
DHCP (CAN-2004-0899; CAN-2004-0900)
DHCP Dynamic Host Configuration Protocol is used to administrate IP address configuration. Clients request an IP address from a server that leases them addresses. Attacks on the DHCP protocol usually target a vulnerability in the server software used, by sending specially crafted DHCP packets...
CVE-2004-0701
Sun Ray Server Software SRSS 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access...
CVE-2004-0701
The affected product is Sun Ray Server Software (SRSS) 1.3 and 2.0 running on Solaris 2.6, 7, or 8. The issue is that SRSS does not reliably detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which can leave a user session logged in and allow local users t...
NetChat buffer overflow
Buffer overflow on oversized GET request to embedded HTTP server...
Epic Games Unreal Tournament Server 436.0 - Engine Remote Format String
Epic Games Unreal Tournament Server 436.0 - Engine Remote Format String source: https://www.securityfocus.com/bid/9840/info A format string vulnerability has been reported to exist in the Unreal Tournament server engine. This issue is due to a failure of the server application to properly saniti...
CVE-2002-2036
Sun Ray Server Software SRSS 1.3, when Non-Smartcard Mobility NSCM is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client...
Apache Httpd < 1.3.27 : Buffer overflows in ab utility
Buffer overflows in the benchmarking utility ab could be exploited if ab is run against a malicious server...
Directory content leakage in KF Web Server
Invalid processing of 00 in URLs...
SECURITY.NNOV: Bypassing content filtering software
There are common methods that allow bypassing almost any content filtering software (antiviral products, CVP firewalls, mail attachment filtering, etc.). I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename...
Multiple win32 servers vulnerable to DoS (OS matter)
Multiple win32 servers vulnerable to DoS (OS matter) AFFECTED SYSTEMS Windows 98 first edition with CONCON kernel patch by Microsoft. Although this is an OS matter, here are some affected ftp server programs I have found: BisonFTP V4R1 Broker FTP Server 5.9.5.0 G6 FTP Server v2.15 AKA BulletProof...
Hole in WhoWhere Webmail (comm.lycos.com, angelfire.com, eudoramail.com)
The name of the attachment file on the server can be guessed...
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (1)
Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow 1 source: https://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration...
Host Integration Server.2006.Server.SP1
Host Integration Server.2006.Server.SP1...