7574 matches found
Echo Security Advisory 2005.21
ECHOADV21$2005: Multiple Vulnerabilities in ActiveBuyAndSell. Author: Dedi Dwianto; Date: June, 24th 2005; Location: Indonesia, Jakarta; Web:...
Cacti: Several vulnerabilities
Background: Cacti is a complete web-based frontend to rrdtool. Description: Cacti fails to properly sanitize input, which can lead to SQL injection, authentication bypass as well as PHP file inclusion. Impact: An attacker could potentially exploit the file inclusion to execute arbitrary code with the...
Ipswitch WhatsUp Professional 2005 SP1 - 'login.asp' SQL Injection
source: https://www.securityfocus.com/bid/14039/info WhatsUp Professional is prone to an SQL injection vulnerability affecting its Web-based front end. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL...
CVE-2002-1733
Technical details are not publicly available in the provided documents for CVE-2002-1733. Monitor for updates; no confirmed affected products, versions, or fixes are specified in the supplied sources.
CVE-2002-1733
Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post...
paFAQ 1.0 Beta 4 Multiple Vulnerabilities
The remote host is running paFAQ, a web-based FAQ system implemented in PHP / MySQL. The installed version of paFAQ on the remote host suffers from several vulnerabilities. Among the more serious are a SQL injection vulnerability that enables an attacker to bypass admin authentication and a...
ViRobot Linux Server addschup Multiple Overflows
The remote host is running ViRobot Linux Server, a commercial anti-virus product for Linux. According to its banner, the installed version of ViRobot Linux Server suffers from a remote buffer overflow vulnerability in its web-based management interface. By passing specially crafted data through...
eGroupWare: XSS and SQL injection vulnerabilities
Background: eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description: Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact: An attacker could possibly use the SQL injectio...
CVE-2005-0112
The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point AP 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin, (2) profile.wlp?PN=ggg or (3)...
PhotoPost < 5.02 RC3 Multiple Content-parsing Vulnerabilities
RunCMS highlight.php Information Disclosure
punBB < 1.2.5 Multiple SQL Injection and Authentication Bypass Vulnerabilities
Phorum < 5.0.15 HTML Injection
CVE-2002-1590
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service...
Microsoft IIS 5.0 - '.printer' ISAPI Extension Buffer Overflow (3)
source: https://www.securityfocus.com/bid/2674/info Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow...
Squid < 2.5.STABLE7 Report Information Disclosure
phpGroupWare.txt
GulfTech Security Research, December 14th, 2004. Vendor: phpGroupWare; URL: http://www.phpgroupware.org; Version: phpGroupWare 0.9.16.003; Risk: Multiple Vulnerabilities. Description: phpGroupWare, formerly known as webdistro, is a multi-user groupware suite written in PHP. It provides a Web-based...
CVE-2004-0611
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections...
CVSTrac Detection
The remote host is running CVSTrac, a web-based bug and patch-set tracking system for CVS. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description) { script_id(15722); script_version("1.14");...