313 matches found
Uber: Server version disclosure: team.uberinternal.com
In the HTTP response header from team.uberinternal.com, the nginx web server version is disclosed. HTTP/1.1 301 Moved Permanently Server: nginx/1.8.1 Date: Tue, 21 Jun 2016 22:45:53 GMT Content-Type: text/html Content-Length: 184 Connection: keep-alive Location: https://team.uberinternal.com/...
TUTOS phpinfo() Information Disclosure (HTTP) - Active Check
TUTOS allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Veris: Server and PHP version Disclosed in Response Header
Server Version and OS Version Disclosure issue...
New Relic: Server Side Browsing - localhost open port enumeration
Hi again to all, I've found that is possible to scan all the open ports and network information of internal instances of your amazon DC that are related with synthetics monitors. NOTE: I do not have a pro account so I can use the more advanced synthetics functions or the Insights db query to get...
LeaseWeb: Server version is disclosure in http://leasewebnoc.com/
Hello Leaseweb It's my same report but it's for different web application http://leasewebnoc.com here is sever version disclosure in http://leasewebnoc.com as when I have request about .htaccess , that returns result of forbidden but following server version publicly disclosure. Apache/2.2.22...
Web Server Error Page Information Disclosure
The default error page sent by the remote web server discloses information that can aid an attacker, such as the server version and languages used by the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Oracle Database Server Multiple Unspecified Vulnerabilities -07 (Jan 2016)
Oracle Database Server is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Simple Web Server Connection Header Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
ACC IMoveis 4.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title : iMoveis SQL Injection Vulnerability Date : 26/10/2010 Author : EraGoN Software link : http://baixar7.com/download/acc-imoveis-script-php.rar/3d1e7bf4b9 Version : 1.1 Tested on : Linux / Windows XP Dork : inurl:imoveis.php?id= Error You have an...
OkCupid: Server leaks version number
Severity: Low Summary: The Web Server's banner contains the version number of the server - OKWS/3.1.19.0. The version number found is 3.1.19.0 at okcupid.com/ HTTP/1.1...
DNS Server Version Detection
Nessus was able to obtain version information by sending a special TXT record query to the remote host. Note that this version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file. C Tenable Network Security, Inc...
mysql: command-line tool buffer overflow via long server version string
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...
mysql: command-line tool buffer overflow via long server version string
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...
mysql: command-line tool buffer overflow via long server version string
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...
mysql: command-line tool buffer overflow via long server version string
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...
AuraCMS多个SQL注入漏洞
CVE ID:CVE-2014-1401 auraCMS是一款基于PHP的WEB应用程序。 AuraCMS存在SQL注入漏洞。由于在程序SQL查询使用之前未能充分过滤未明的输入,允许远程攻击者在后端数据库中注入或操纵SQL查询,允许任意数据的操纵或披露。 0 Auracms 2.3 厂商补丁: Auracms ----- 1月30日后更新的Auracms 2.3版本以修复此漏洞,建议用户下载使用: http://auracms.org 1.The exploitation example below displays version of MySQL server:...
CVE-2014-0001
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...
SQL Injection in AdRotate
High-Tech Bridge Security Research Lab discovered vulnerability in AdRotate, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in AdRotate: CVE-2014-1854 The vulnerability exists due to insufficient validation of "track" HTTP GET parameter passed to...
Horizon QCMS "/download.php" SQL注入漏洞
CVE ID:CVE-2013-7139 Horizon QCMS是支持PHP与MySQL的开放源码的Horizon快速内容管理系统。 该漏洞的存在是由于传递到"/download.php"脚本的"category" HTTP POST参数未被正确过滤,未经身份验证的远程攻击者可以在应用数据库中执行任意SQL命令。 0 Horizon QCMS=4.0 厂商补丁: Horizon ----- Horizon 4.0版本以修复此漏洞,建议用户下载使用: http://sourceforge.net/projects/hnqcms/files/patches/ The exploitatio...
Telnet-Ftp Server Directory Traversal Vulnerability
The host is running Telnet-Ftp server and is prone to directory traversal vulnerabilities. OpenVAS Vulnerability Test $Id: gbtelnetftpserverdirtravvun.nasl 6086 2017-05-09 09:03:30Z teissa $ Telnet-Ftp Server Directory Traversal Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2013...