7576 matches found
phpAuction 12 - Unauthorized Administrative Access
phpAuction 12 - Unauthorized Administrative Access source: https://www.securityfocus.com/bid/5141/info PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine. A flaw in /admin/login.php has been reported in PHPAuction, whic...
Noguska Nola 1.1.1 [ Intranet Business Management Software ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Noguska Nola 1.1.1 Intranet Business Management Software .: Software Description :. - -- copied from their site -- Redefining the scope of Enterprise Software The NOLA web based software package allows your business to effortlessly reach further than...
Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting
Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4565/info Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question FAQ management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a...
Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4565/info Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question FAQ management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a malformed query, returning the submitted script a...
CVE-2001-1065
CVE-2001-1065 affects Cisco 600-series routers running CBOS 2.0.1–2.4.2ap, where the web-based configuration utility binds to port 80 even when web configuration services are disabled. This could leave the device accessible to an attacker via the web interface. Root cause: the process binds port ...
Bharat Mediratta Gallery 1.11.2 - Directory Traversal
Bharat Mediratta Gallery 1.11.2 - Directory Traversal source: https://www.securityfocus.com/bid/3554/info Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal. Due to insufficient validation of user-supplied input, it is b...
CVE-2001-0665
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."...
Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014)
Overview A vulnerability that affects Microsoft IIS 5.0 and Exchange 2000 allows an intruder to disrupt IIS web services and web-based mail services served via an Exchange server. Description Microsoft IIS 5.0 contains a vulnerability that allows an intruder to cause a memory allocation error by...
CBOS Web-based Configuration Utility Vulnerability
...
Proxomitron Naoko-4 - Cross-Site Scripting
Proxomitron Naoko-4 - Cross-Site Scripting source: https://www.securityfocus.com/bid/3087/info Proxomitron is a free web proxy server. Proxomitron is vulnerable to a cross site scripting attack. The condition is present because of the way URLs are displayed in error messages. It is possible for...
ScreamingMedia SITEWare source code disclosure vulnerability
FS Advisory ID: FS-061201-18-SMSW Release Date: June 11, 2001 Product: ScreamingMedia SITEWare Vendor: ScreamingMedia Inc. http://www.screamingmedia.com Vendor Advisory: http://www.screamingmedia.com/security/sms1001.php Type: Source code disclosure vulnerability Severity: High Author: Mike Shema...
WebTrends Enterprise Reporting Server 3.1 c/3.5 - Source Code Disclosure
source: https://www.securityfocus.com/bid/2812/info WebTrends Live is a web-based reporting service which provides interactive tracking of usage statistics and E-commerce revenue. It is possible to view the source code of arbitrary scripts on the WebTrends Live webserver. This is accomplished by...
How to remove .printer mapping (WAS RE: Permanently remove IIS printer mapping)
This is from another list I receive. It explains this scenario rather well. Keith --------------------------------------------------- All IIS Administrators Please Read this Immediately --------------------------------------------------- I wanted to get this out right away. More info to follow. O...
Internet Explorer Vulnerability to Web Mail-based Spoofing Attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VERSIONS AFFECTED Internet Explorer 5.0 on the Macintosh and 4.0 on Windows both have the problem. IE 5 on Windows did not seem vulnerable, however it also didn't display the test image correctly, so there may still be issues. SUMMARY First. Internet...
iXsecurity.20001120.compaq-authbo.a
iXsecurity Security Vulnerability Report No: iXsecurity.20001120.compaq-authbo.a ======================================= Vulnerability Summary --------------------- Problem: The authentication of Compaq Web-Based Management contains a remotely exploitable buffer overflow Threat: Anyone that has...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbs_forum.cgi fails to properly...
iXsecurity.20001107.compaq-wbm.a
iXsecurity Security Vulnerability Report No: iXsecurity.20001107.compaq-wbm.a ==================================== Vulnerability Summary --------------------- Problem: The default installation of Compaq Web-Based Management on a Netware server reveals sensitive system files Threat: Anyone that ha...
DCForum 1-6 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/1951/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are...
phpix 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The problem is that "../" character...