Zeus Web Server 3.x - Null Terminated Strings

Zeus Web Server 3.x - Null Terminated Strings source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...

altavista.txt

hola, more bugs in the AV-Search thing .. using uri-encoded strings it is possible to view "any" file on the system .. examples: unixxxsss ... http://server:port/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd or on an micro$oft IIS...

www-cgi-vulner.txt

Date: Mon, 9 Nov 1998 18:26:05 -0600 From: xnec To: [email protected] Subject: Several new CGI vulnerabilities INFO: After looking over the perl-CGI scripts on www.cgi-resources.com, I've discovered vulnerabilities in the following: 1. HAMcards Postcard script v1.0 Beta 2 www.hamnetcenter.com ...

xylan.omniswitch.txt

Date: Wed, 31 Mar 1999 19:12:20 +0000 From: [email protected] To: [email protected] Subject: Xylan OmniSwitch "features" Sorry if this is already known. Stepped into two "features" of Xylan OmniSwitches also works on Pizza. These switches are sold OEM to Alcatel which just bought Xylan and IBM...

HP JetDirect rev. G.08.x/rev. H.08.x/x.08.x/J3111A - LCD Display Modification

/ source: https://www.securityfocus.com/bid/2245/info Certain versions of HP JetDirect enabled printers provide a function PJL command that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more ...

NAI Net Tools PKI Server Vulnerabilities

Advisory ID Internal CORE-080200 Advisory Information: Advisory ID: CORE-080200 CVE Name:CVE-2000-0740, CVE-2000-0739, CVE-2000-0741 Bugtraq ID:1536, 1537, 1538 Buenos Aires, Argentina While investigating the exploitability of a buffer overflow in the Net Tools PKI Server from Network Associates...