ProjectForum 8.4.2.1 - Find Request Denial of Service

ProjectForum 8.4.2.1 - Find Request Denial of Service source: https://www.securityfocus.com/bid/9271/info It has been reported that ProjectForum may be prone to a denial of service vulnerability that may allow an attacker to cause the server to crash by sending an excessively long string via the...

Resin Status Page Information Disclosure

Requesting the URI '/caucho-status' or '/server-status' gives information about the currently running Resin java servlet container. %NASLMINLEVEL 70300 This script was written by Vincent Renardias Licence : GPL v2 Changes by Tenable: - Revised plugin title, family change 4/2/2009...

CVE-2003-0860

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors...

Microsoft Windows Workstation service vulnerable to buffer overflow when sent specially crafted network message

Overview A remotely exploitable vulnerability affects Microsoft Windows Systems. Exploitation of this vulnerability could permit the execution of arbitrary code on the system with elevated privileges. The exploit vector for this vulnerability is highly conducive to a worm or other automated...

Vivisimo Clustering Engine - Search Script Cross-Site Scripting

Vivisimo Clustering Engine - Search Script Cross-Site Scripting source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a...

Adobe SVG Viewer Active Scripting Bypass (GM#002-MC)

GreyMagic Security Advisory GM002-MC ===================================== By GreyMagic Software, Israel. 07 Oct 2003. Available in HTML format at http://security.greymagic.com/adv/gm002-mc/. Topic: Adobe SVG Viewer Active Scripting Bypass. Discovery date: 19 Aug 2003. Affected applications:...

Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise (816093)

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft VM Could Enable System Compromise 816093 Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...

Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site Scripting

source: https://www.securityfocus.com/bid/17391/info BASE is prone to a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function. An attacker may leverage this issue to have arbitrary script code executed in the browser of...

BEA WebLogic 7.0 - HostnameNetBIOS Name Remote Information Disclosure

BEA WebLogic 7.0 - HostnameNetBIOS Name Remote Information Disclosure source: https://www.securityfocus.com/bid/7257/info It has been reported that some types of requests may result in sensitive information disclosure. From this, an attacker may be able to launch a more organized attack against...

Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function "RtlDosPathNameToNtPathNameU" and may be exploited through other programs that use the library if...

Sage 1.0 Beta 3 - Content Management System Full Path Disclosure

Sage 1.0 Beta 3 - Content Management System Full Path Disclosure source: https://www.securityfocus.com/bid/6893/info Sage Content Management System contains a path disclosure vulnerability. When a request is made for a module that does not exist, the returned error message contains the full path ...

CUPS < 1.1.18 Multiple Vulnerabilities

The remote CUPS server seems vulnerable to various flaws buffer overflow, denial of service, privilege escalation that could allow a remote attacker to shut down this service or remotely gain the privileges of the 'lp' user. C Tenable Network Security, Inc. This script checks for CVE-2002-1368, b...

CVE-2002-2008

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message...

Zeroo HTTP Server 1.5 - Directory Traversal (1)

// source: https://www.securityfocus.com/bid/6308/info It has been reported that Zeroo fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources...

IBM Websphere Edge Server 3.64.0 - Cross-Site Scripting

IBM Websphere Edge Server 3.64.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/6000/info A vulnerability has been discoverered in the Caching Proxy component bundled with the IBM Websphere Edge Server. It has been reported that the Caching Proxy is vulnerable to cross site...

Wolfram Research webMathematica 4.0 - File Disclosure

Wolfram Research webMathematica 4.0 - File Disclosure source: https://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based o...

ViewCVS 0.9.2 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/4818/info ViewCVS does not filter HTML tags from certain URL parameters, making it prone to cross-site scripting attacks. An attacker may exploit this by constructing a malicious link with script code to a site running ViewCVS and sending it to a legitima...

Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure

source: https://www.securityfocus.com/bid/4575/info Apache Tomcat is a servlet container for use with the Java Servlet and JavaServer Pages technologies. Tomcat may be run on most UNIX and Linux variants as well as Microsoft Windows. Apache Tomcat ships with a number of example classes SnoopServl...

PHProjekt 3.1 - Remote File Inclusion

PHProjekt 3.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/4284/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows...

WikkiTikkiTavi 0.x - Remote File Inclusion

source: https://www.securityfocus.com/bid/3946/info WikkiTikkiTavi is a freely available engine for running a Wiki site. Wiki sites are web communities which are based on the idea that every webpage is editable by users of the website. WikkiTikkiTavi is back-ended by a MySQL database and runs on...