16 matches found
EUVD-2003-0450
Malware in sbrugna...
EUVD-2002-2225
Malware in sbrugna...
Deerfield VisNetic WebSite 3.5.13 .1 Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to caus...
CVE-2002-2246
Cross-site scripting XSS vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header HTTPREFERER to a non-existent page, which is injected into the resulting 404 error page...
CVE-2002-2241
Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service crash via a long HTTP OPTIONS request...
CVE-2002-2241
CVE-2002-2241 describes a buffer overflow in Deerfield VisNetic WebSite’s httpd32.exe prior to 3.5.15, exploitable by sending a long HTTP OPTIONS request to crash the service (denial of service). The affected component is the httpd32.exe web server used by VisNetic WebSite; root cause is a buffer...
Too Long OPTIONS Parameter DoS Vulnerability
It may be possible to make the web server crash or even execute arbitrary code by sending it a too long url through the OPTIONS method. SPDX-FileCopyrightText: 2003 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...
Non-Existent Page Physical Path Disclosure Vulnerability (HTTP)
The remote web server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2003 Michel Arboi SPDX-FileCopyrightText: Improved / extended code / detection routine since 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
CVE-2003-0456
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using vtibin/fpcount.exe...
CVE-2003-0456
CVE-2003-0456 concerns VisNetic WebSite 3.5 where a remote attacker can reveal the server’s full pathname via an error message triggered by a request for a non-existent folder (e.g., using _vti_bin/fpcount.exe). This is a path-disclosure vulnerability that exposes sensitive filesystem information...
CVE-2003-0456
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using vtibin/fpcount.exe...
CVE-2002-2246
Cross-site scripting XSS vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header HTTPREFERER to a non-existent page, which is injected into the resulting 404 error page...
VisNetic WebSite XSS vulnerability through HTTP referer header
Visnetic WebSite XSS vulnerability through HTTP Referer header --------------------------------------------------------------------------------------------- = Author: Ory Segal - Sanctum inc. http://www.sanctuminc.com/ = Release date: 09/12/2002 = Vendor: Deerfield http://www.deerfield.com The...
Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to cause arbitrary code to be executed...
Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting
Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' heade...
Denial of Service vulnerability in VisNetic Website
Name: VisNetic WebSite Denial of Service Date: 12th of December 2002 Software affected: VisNetic WebSite 3.5.13.1 prior versions are vulnerable Advisory: http://www.krusesecurity.dk/advisories/vis0102.txt Risk: Medium Legal Notice: This Advisory is copyright by Peter Kruse. You may distribute thi...