Lucene search
K

2841 matches found

securityvulns
securityvulns
added 2003/03/31 12:0 a.m.26 views

Edikon Release 0.6 of PHPShop

Product : Edikon Release 0.6 of PHPShop Version : 0.6.1 WebSite : http://www.phpshop.org Problem : Viewing dbase information Description: ------------ eng In phpShop we can get access to a database of the server as the file of a configuration is accessible to each user. As we can find out a full...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2003/03/18 5:0 a.m.19 views

CVE-2002-1544

Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. dot dot sequences in the commands 1 LIST ls, 2 mkdir, 3 put, or 4 get...

7AI score0.01581EPSS
Exploits0References1
securityvulns
securityvulns
added 2003/03/07 12:0 a.m.33 views

Wordit Logbook Version 0.98b3

Wordit Limited 2000. http://scripts.wordit.com/ User can read any files and execute any commands. Example: www.idontknowperl.com/logbook.pl? file=../../../../../../../bin/cat20logbook.pl00| / Alexey Sintsov aka DonHuan irc.megik.net brrr / include best/regards.h...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2003/02/28 12:0 a.m.42 views

Invision Power Board (PHP)

Informations : °°°°°°°°°°°°°° Website : http://www.invisionboard.com -------------------------- Version : 1.0.1 Problem : phpinfo -------------------------- Version : 1.1.1 Problem : File Including PHP Code/Location : °°°°°°°°°°°°°°°°°°° v1.0.1 : phpinfo.php : ---------- ?php phpinfo; ? ---------...

0.5AI score
Exploits0
OSV
OSV
added 2002/12/13 12:0 a.m.17 views

DSA-211 micq - denial of service

Bulletin has no description...

5CVSS6.8AI score0.0167EPSS
Exploits0
OSV
OSV
added 2002/11/19 12:0 a.m.14 views

DSA-199 mhonarc - cross site scripting

Bulletin has no description...

6.8CVSS6.2AI score0.04022EPSS
Exploits0
securityvulns
securityvulns
added 2002/09/20 12:0 a.m.30 views

Cisco VPN Concentrator 3000 ISAKMP DoS details

Hi list, the subject says it all. I would like to share the details of the Cisco VPN Concentrator 3000 ISAKMP packet parsing vulnerability mentioned at http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml The bug affects all software versions including 3.6.0 and I hope everyone got...

0.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2002/07/17 12:0 a.m.36 views

Resin MS-DOS Device Request Path Disclosure

Resin will reveal the physical path of the webroot when asked for a special DOS device, e.g. lpt9.xtp An attacker may use this flaw to gain further knowledge about the remote filesystem layout. C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderson...

5CVSS5.3AI score0.01678EPSS
Exploits0References1
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.21 views

CVE-2002-0580

WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks...

6.7AI score0.01571EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/04/03 12:0 a.m.63 views

popper_mod 1.2.1 and previous accounts compromise

description: poppermod is a free, full featured web based POP3 email client written in PHP. It is an extension of the now abandoned "popper" project. It can be downloaded from http://www.symatec-computer.com/forums/ bug report: poppermod 1.2.1 relied on administrators using htaccess authenticatio...

0.6AI score
Exploits0
CERT
CERT
added 2002/01/14 12:0 a.m.16 views

Cisco SN 5420 Storage Router vulnerable to DoS via HTTP request containing long headers

Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a HTTP request with a large header. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending an HTTP request with a huge...

7.1AI score
Exploits0References2
securityvulns
securityvulns
added 2001/09/08 12:0 a.m.47 views

Shopping Cart Version 1.23

User can execute command, but can't use "../" www.server.com/cgi- local/shop.pl/SID=947626980.19094/page=;ls| XP-TEAM DonHuan [email protected]...

3.8AI score
Exploits0
securityvulns
securityvulns
added 2001/05/07 12:0 a.m.31 views

Cisco Catalyst 2900XL crashes with empty UDP packet when SNMP is disabled.

Hi It's possible to crash Cisco Catalyst 2900XL with a empty UDP packet to port 161 when SNMP is disabled. Other switches also? The crash only occurs when the switch is booted with SNMP disabled. Seems that SNMP is listening, even if SNMP is disabled.. ? I have only tested this with Software...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2001/04/02 12:0 a.m.31 views

STAT Security Advisory: Trend Micro's ScanMail for Exchange stores passwords in registry unprotected

================================================================================ == STAT Security Advisory http://www.statonline.com/ Software Vendor: Trend Micro www.antivirus.com Software Package: ScanMail for Exchange Versions Affected: 3.5 Evaluation possibly others Synopsis: Account names an...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2000/10/26 12:0 a.m.39 views

Cisco Virtual Central Office 4000 (VCO/4K) 5.1.3 - Remote Username / Password Retrieval

source: https://www.securityfocus.com/bid/1885/info A vulnerability exists in the Cisco Virtual Central Office 4000 VCO/4K programmable voice switch running software versions 5.13 and earlier. The usernames and passwords for the device's SNMP administration interface are protected by a simple...

7AI score
Exploits0
securityvulns
securityvulns
added 2000/10/10 12:0 a.m.33 views

Fwd: APlio PRO web shell

This URL allows for the execution of commands via /bin/sh...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2000/06/01 12:0 a.m.30 views

Re: An Analysis of the TACACS+ Protocol and its Implementations

-----BEGIN PGP SIGNED MESSAGE----- Hello, We acknowledge that a buffer overflow mentioned in the analysis by Solar Designer is indeed present in an unsupported free version of TACACS+ server officially it is a "developer's kit" and can be found at...

1AI score
Exploits0
securityvulns
securityvulns
added 2000/04/22 12:0 a.m.295 views

Remote vulnerability in LCDproc 0.4

-----BEGIN PGP SIGNED MESSAGE----- ============================================================== === Title: Vulnerability in LCDproc === === Date: 20 April 2000 === === Author: Andrew Hobgood [email protected] === ============================================================== Note: The LCDproc...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/04/08 12:0 a.m.28 views

vqserver /........../

Version tested: vqserver 1.9.9 for windows The webserver vqserver follows /........../ in requests. http://host/........../autoexec.bat gives the autoexec.bat file. More serious, http://host/........../some/path/vq/server/cfg/server.cfg where /some/path/ could be anything, but normally...

1.1AI score
Exploits0
Cvelist
Cvelist
added 1976/01/01 12:0 a.m.10 views

CVE-2020-12582

...

Exploits0
Rows per page
Query Builder