16 matches found
EUVD-2003-0450
Malware in sbrugna...
EUVD-2002-2225
Malware in sbrugna...
Deerfield VisNetic WebSite 3.5.13 .1 Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to caus...
CVE-2002-2246
Cross-site scripting XSS vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header HTTPREFERER to a non-existent page, which is injected into the resulting 404 error page...
CVE-2002-2241
Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service crash via a long HTTP OPTIONS request...
CVE-2002-2241
CVE-2002-2241 describes a buffer overflow in Deerfield VisNetic WebSite’s httpd32.exe prior to 3.5.15, exploitable by sending a long HTTP OPTIONS request to crash the service (denial of service). The affected component is the httpd32.exe web server used by VisNetic WebSite; root cause is a buffer...
Non-Existent Page Physical Path Disclosure Vulnerability (HTTP)
The remote web server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2003 Michel Arboi SPDX-FileCopyrightText: Improved / extended code / detection routine since 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Too Long OPTIONS Parameter DoS Vulnerability
It may be possible to make the web server crash or even execute arbitrary code by sending it a too long url through the OPTIONS method. SPDX-FileCopyrightText: 2003 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...
CVE-2003-0456
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using vtibin/fpcount.exe...
CVE-2003-0456
CVE-2003-0456 concerns VisNetic WebSite 3.5 where a remote attacker can reveal the server’s full pathname via an error message triggered by a request for a non-existent folder (e.g., using _vti_bin/fpcount.exe). This is a path-disclosure vulnerability that exposes sensitive filesystem information...
CVE-2003-0456
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using vtibin/fpcount.exe...
CVE-2002-2246
Cross-site scripting XSS vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header HTTPREFERER to a non-existent page, which is injected into the resulting 404 error page...
VisNetic WebSite XSS vulnerability through HTTP referer header
Visnetic WebSite XSS vulnerability through HTTP Referer header --------------------------------------------------------------------------------------------- = Author: Ory Segal - Sanctum inc. http://www.sanctuminc.com/ = Release date: 09/12/2002 = Vendor: Deerfield http://www.deerfield.com The...
Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting
Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' heade...
Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resources. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to cause arbitrary code to be executed...
Denial of Service vulnerability in VisNetic Website
Name: VisNetic WebSite Denial of Service Date: 12th of December 2002 Software affected: VisNetic WebSite 3.5.13.1 prior versions are vulnerable Advisory: http://www.krusesecurity.dk/advisories/vis0102.txt Risk: Medium Legal Notice: This Advisory is copyright by Peter Kruse. You may distribute thi...