Lucene search
+L

896 matches found

OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

Mailman private.py Directory Traversal Vulnerability

Authenticated Mailman users can view arbitrary files on the remote host. Description : According to its version number, the remote installation of Mailman reportedly is prone to a directory traversal vulnerability in 'Cgi/private.py'. The flaw comes into play only on web servers that don't strip...

5CVSS9.4AI score0.02856EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.22 views

Hidden WWW server name

It seems that your web server tries to hide its version or name, which is a good thing. However, using a special crafted request, OpenVAS was able to discover it. OpenVAS Vulnerability Test $Id: wwwservername.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Hidden WWW server name Authors:...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.95 views

HTTP User-Agent overflow

It was possible to kill the web server by sending an invalid GET request with a too long User-Agent field A cracker may exploit this vulnerability to make your web server crash continually or even execute arbirtray code on your system. OpenVAS Vulnerability Test $Id: wwwtoolonguseragent.nasl 8023...

7.5CVSS6.6AI score0.14665EPSS
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.13 views

JServ Cross Site Scripting

The remote web server is vulnerable to a cross-site scripting issue. Older versions of JServ including the version shipped with Oracle9i App Server v1.0.2 are vulnerable to a cross site scripting attack using a request for a non-existent .JSP file. SPDX-FileCopyrightText: 2002 Matt Moore Some tex...

6.4AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

BEA WebLogic Operator/Admin Password Disclosure Vulnerability

BEA WebLogic Server and WebLogic Express are prone to a vulnerability that may result in the disclosure of Operator or Admin passwords. SPDX-FileCopyrightText: 2004 Astharot Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4.6CVSS6.6AI score0.00422EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.18 views

Tomcat /status information disclosure

Requesting the URI /status gives information about the currently running Tomcat. SPDX-FileCopyrightText: 2003 StrongHoldNet Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.36 views

Microsoft IIS 'Codebrws.asp' Source Disclosure Vulnerability - Active Check

Microsoft SPDX-FileCopyrightText: 2002 Matt Moore / HD Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:internetinformationservices"; ifdescription...

5CVSS6.7AI score0.28742EPSS
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.149 views

Private IP address Leaked using the PROPFIND method

The remote web server leaks a private IP address through the WebDAV interface. If this web server is behind a Network Address Translation NAT firewall or proxy server, then the internal IP addressing scheme has been leaked. This is typical of IIS 5.0 installations that are not configured properly...

2.6CVSS9.6AI score0.42253EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.30 views

Apache Tomcat source.jsp Malformed Request Information Disclosure Vulnerability - Active Check

The source.jsp file, distributed with Apache Tomcat server, will disclose information when passed a malformed request. SPDX-FileCopyrightText: 2004 David Kyger Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

5CVSS6.2AI score0.41399EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.18 views

FastCGI samples Cross Site Scripting

Two sample CGI SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10838";...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.19 views

Tripwire for Webpages Detection (HTTP)

We detected the remote web server is running Tripwire for Webpages under the Apache HTTP Server. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.37 views

Outlook Web Access URL Injection

Due to a lack of sanitization of the user input, the remote version of Microsoft Outlook Web Access 2003 is vulnerable to URL injection which can be exploited to redirect a user to a different, unauthorized web server after authenticating to OWA. SPDX-FileCopyrightText: 2005 Michael J. Richardson...

5.8CVSS7AI score0.25559EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.36 views

Apache HTTP Server Auth Module SQL Insertion Attack

This plugin checks whether the web server is using Apache Auth modules which are known to be vulnerable to SQL insertion attacks. SPDX-FileCopyrightText: 2001 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS6.7AI score0.01905EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.146 views

'/WEB-INF./' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2002 Matt Moore SPDX-FileCopyrightText: New NASL code since 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5CVSS7.3AI score0.15572EPSS
Exploits3References8
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.252 views

Test HTTP dangerous methods

Misconfigured web servers allows remote clients to perform dangerous HTTP methods such as PUT and DELETE. SPDX-FileCopyrightText: 2000 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.19 views

Microsoft IIS 'bdir.htr' Default Files - Active Check

The file bdir.htr is a default IIS files which can give a malicious user a lot of unnecessary information about your file system. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.32 views

Authentication bypassing in Lotus Domino

By creating a specially crafted url, the authentication mechanism of Domino database can be circumvented. SPDX-FileCopyrightText: 2002 Davy Van De Moere Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

5CVSS6.9AI score0.01558EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.30 views

robot.txt / robots.txt exists on the Web Server (HTTP)

Web Servers can use a file called /robots.txt to ask search engines to ignore certain files and directories. By nature this file can not be used to protect private files from public read access. SPDX-FileCopyrightText: 1999 SecuriTeam Some text descriptions might be excerpted from a referenced...

7.2AI score
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.56 views

Novell NetWare HTTP POST Perl Code Execution Vulnerability

Novell Netware contains multiple default web server installations. SPDX-FileCopyrightText: 2002 visigoth Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.17031EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2005/09/22 12:0 a.m.43 views

httpXSS.txt

The following web servers do not properly sanitize their output when returning a 404 resource not found error which could be used in a XSS attack: Orion 1.3.8 Orion 1.4.5 CompaqHTTPServer 2.1 PoC: http://localhost/alert'XSS' -- - Josh...

7.4AI score
Exploits0
Rows per page
Query Builder