896 matches found
retina.vs.iis4-round2.txt
http://www.eeye.com/database/advisories/ad06081999/ad06081999.html Retina vs. IIS4, Round 2 Systems Affected: Internet Information Server 4.0 IIS4 Microsoft Windows NT 4.0 SP3 Option Pack 4 Microsoft Windows NT 4.0 SP4 Option Pack 4 Microsoft Windows NT 4.0 SP5 Option Pack 4 Release Date: June 8,...
Web Server Long URL Handling Remote Overflow DoS
The remote web server crashes when it receives a too long URL. It might be possible to make it execute arbitrary code through this flaw. C Tenable Network Security, Inc. Some vulnerable servers: SmallHTTP All versions vulnerable: 2.x Stables, 3.x Latest beta 8 OmniHTTPd v2.09 of Omnicron...
Multiple Web Server finger CGI Information Disclosure
The 'finger' CGI is installed. This can be used by a remote attacker to enumerate accounts on the system. Such information is typically valuable in conducting additional, more focused attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()
source: https://www.securityfocus.com/bid/501/info IIS and potentially other NT web servers have a vulnerability that could allow arbitrary code to be run as SYSTEM. This works because of the way the server calls the GetExtensionVersion function the first time an ISAPI extension is loaded. Any us...
CVE-1999-0286
In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages...
CVE-1999-1073
Excite for Web Servers EWS 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack...
CVE-1999-1072
Excite for Web Servers EWS 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi...
CVE-1999-1071
Excite for Web Servers EWS 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file...
Excite for Web Servers 1.1 - Administrative Password
Excite for Web Servers 1.1 - Administrative Password source: https://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 EWS is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world...
Excite for Web Servers 1.1 - Administrative Password
source: https://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 EWS is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world readable and world writable. This allows an attacker...
CVE-1999-0012
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names...
PT-1998-1009 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue allows remote attackers to bypass access restrictions for files with long file names on some web servers. Recommendations: At the moment, there is no information about a...
PT-1998-1058 · Excite · Excite For Web Servers
Name of the Vulnerable Software and Affected Versions: Excite for Web Servers EWS affected versions not specified Description: The issue allows remote command execution via shell metacharacters. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
Microsoft IIS 3.0/4.0 / Microsoft Personal Web Server 2.0/3.0/4.0 - ASP Alternate Data Streams
source: https://www.securityfocus.com/bid/149/info Microsoft IIS and other NT webservers contain a vulnerability that allows remote users to obtain the source code for an ASP file. When one appends ::$DATA to an asp being requested, the ASP source will be returned, instead of executing the ASP. F...
CVE-1999-0146
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...
Security Update for Windows 2000 (815021)
An identified security vulnerability in Microsoft® Windows 2000 could allow an attacker to take control of the computer. This issue is most likely to affect computers used as web servers. You can help protect your computer from this and other identified issues by installing this update from...