IIS 6.0 Web Admin Multiple vulnerabilities

Hi, last week I installed Windows 2003 for the first time Enterprise edition and Web Server edition. My first objective was to check the security in the IIS 6.0 and of course my target was the Web Admin interfacethat comes with a lot of ASP's to play with ;- Some flaws were detected, the vendor h...

Another ZEUS Server web admin XSS!

Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 webadmin-4.2r2 on Linux x86 This is not the same issue as bid 6144 index.fcgi, now is on "vsdiag.cgi". Exploit is simple: http://target:9090/apps/web/vsdiag.cgi?server=YOURCODE I have read this post:...

SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting

SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to...

CVE-2002-0107

CacheFlow CacheOS 4.0.13 and earlier expose a information disclosure vulnerability in a web administration interface: a sequence of GET requests that do not end with a HTTP/1.0 (or another version) string causes leakage of sensitive data in the error message. Affected product: CacheFlow CacheOS (...

CVE-2001-0299

CVE-2001-0299 affects the Nokia IP440 Voyager web administration server. The vulnerability is a buffer overflow in the web admin interface triggered by processing a long URL, allowing local users to cause a denial of service and potentially execute arbitrary commands. The available documents conf...

CVE-1999-1207

Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request...