3702 matches found
SIX-webboard does not adequately validate user input thereby permitting directory traversal
Overview SIX-webboard does not adequately validate user input, allowing directory traversal. Description SIX-webboard 2.01 does not adequately validate the "content" CGI variable, allowing directory traversal out of SIX-webboard's content root directory. Attackers may exploit this vulnerability t...
PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution
Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...
Microsoft Windows 2000 fails to apply Group Policy to clients when policy file has been opened using exclusive read access (MS02-016)
Overview A vulnerability in the locking of Group Policy Files under Windows 2000 may allow a local intruder to circumvent recently applied policy settings. Description When a user logs onto a Windows 2000 system, a number of "security policy" settings are applied to that user's session. The...
PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection
Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 06.4...
Microsoft Windows SMTP Service fails to properly handle responses from the NTLM authentication layer
Overview A flaw in the authentication code of the SMTP service provided with Windows 2000 server and Exchange 5.5 may allow a user access to the SMTP service. This acess could be used to relay mail in violation of the SMTP server's security policy, or consume CPU resources on the SMTP server...
Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution
Overview Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution. Description Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP...
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling
Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...
Microsoft Windows 2000 Indexing Services enumerates local file locations via ixsso.query ActiveX object
Overview Index Server 2.0 and the Indexing Service 3.0 contain a vulnerability that may allow remote intruders to gain information about files on the local computer. Description Index Server 2.0 and Indexing Service 3.0 are services that allow information about local files to be queried via a web...
Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser
Overview There is a buffer overflow in the parsing of Active Stream Redirector .ASX files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page. Description There is a buffer overflow in the processing of Active Stream Redirector .ASX...
Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser
Overview There is a buffer overflow in the parsing of Active Stream Redirector .ASX files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page. Description There is a buffer overflow in the processing of Active Stream Redirector .ASX...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls1M creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls1M as follows:aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...
Novell GroupWise Server web-based front-end does not adequately validate user input thereby allowing directory traversal
Overview Novell GroupWise web application does not adequately validate user input, allowing directory traversal. Description Novell GroupWise server includes a web application that allows users to access e-mail and other features of the server. This component of GroupWise does not properly valida...
Apache mod_dav module vulnerable to DoS
Overview A denial-of-service vulnerability exists in Apache moddav. Description moddav is an Apache module. This module enables Apache web servers to provide users the ability to edit and manage files on a remote web server using the HTTP protocol. A vulnerability in moddav may allow an attacker ...
Allaire Forums does not verify user information stored in hidden form fields
Overview Allaire Forums does not verify user information submitted in hidden fields on a web form, allowing attackers to impersonate other users. Description Allaire Forums is a web-based bulletin board system that runs on Cold Fusion. When a user wishes to post a message, Allaire Forums...
TDForum does not adequately validate user input thereby allowing users to embed malicious script code in messages
Overview TDForum does not properly filter HTML scripting tags from user input, allowing users to post malicious scripts that may be executed unwittingly by other users. Description TDForum is a commercial software package providing dynamic web forum capabilities. Versions 1.2 and earlier of TDFor...
4D WebServer does not adequately validate user input thereby allowing directory traversal
Overview 4D WebServer does not properly validate HTTP requests, allowing directory traversal outside the root web directory. Description 4D WebServer versions 6.5.7 and earlier do not properly validate HTTP requests, allowing directory traversal outside the root web directory. --- Impact Remote...
Pi-Soft SpoonFTP does not adequately validate user input thereby allowing directory traversal
Overview SpoonFTP Server does not adequately validate user input, allowing directory traversal. Description SpoonFTP Server does not adequately validate arguments to the CWD command, allowing directory traversal out of the FTP root directory. --- Impact Users may read any directory or file on the...
zml.cgi does not adequately validate user input thereby allowing directory traversal
Overview zml.cgi does not adequately validate user input, allowing for directory traversal out of the web root directory. Description The perl script zml.cgi reads and parses a file on the server, executing certain Server Side Include SSI directives found in the file. The script accepts a CGI...
DansGuardian content filtering proxy fails to adequately validate user input thereby allowing user to access restricted site via hex encoded URLs
Overview DansGuardian does not properly filter Description DansGuardian is an HTTP proxy server based on Squid and enhanced to filter web content. DansGuardian does not properly process URLs that contain certain unspecified hexadecimal encodings, resulting in incomplete filtering of HTTP response...
Unix Manual PHP-Script does not adequately validate user input thereby allowing arbitrary command execution
Overview User Manual does not adequately validate user input, allowing attackers to execute arbitrary commands on the server. Description Unix Manual as known as manual.php is a PHP script used to lookup and display man pages on the web. User Manual does not adequately filter user input before...
A1Stats multiple CGI scripts fail to adequately validate user input
Overview A1Stats does not properly validate user input, allowing directory traversal and overwriting of files. Description A1Stats is a CGI script that provides reports on web site traffic. A1Stats does not properly filter the CGI query string. An attacker may exploit this vulnerability to traver...
WebCalendar does not adequately validate user input
Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...
Microsoft Office Web Components allows arbitary user to determine whether local file exists via Chart component "Load" method
Overview Microsoft Office Web Components OWC allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows viewing of Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...
PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files
Overview PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. Attackers may exploit this vulnerability to copy, move, or upload files. Description PHPNuke is a set of PHP scripts designed to simplify website creation and maintenance. The "admin.php"...
Microsoft Internet Explorer (MSIE) Content-Disposition vulnerabilities
Overview Microsoft Internet Explorer IE may handle executable content automatically, opening it with another application on the client host that may, in turn, instruct the operating system to execute the file. Description IE does not properly verify the Content-Disposition and Content-Type header...
PHP-Nuke does not adequately authenticate users thereby allowing attackers to change user information
Overview PHP-Nuke's saveuser function does not adequately authenticate users. Attackers may exploit this vulnerability to change user data and gain access to accounts. Description PHP-Nuke is a set of PHP scripts designed to simplify web site creation and maintenance. PHP-Nuke's saveuser function...
Textor Webmasters Ltd listrec.pl does not adequately validate user input thereby allowing arbitrary commands to be executed
Overview Textor Webmasters Ltd listrec.pl CGI script does not properly validate input to the "TEMPLATE" CGI variable, allowing arbitrary command execution. Description The CGI script listrec.pl by Textor Webmasters Ltd does not properly validate input to the "TEMPLATE" CGI variable. This value is...
Cherokee Web Server fails to drop privileges after daemon starts
Overview Cherokee fails to drop root privileges after binding to port 80. Description Cherokee is a compact, open-source web server. Cherokee is designed to start as root and drop root privileges after binding to port 80. However, versions of Cherokee prior to 0.2.7 fail to drop root privileges...
Handspring VisorPhone vulnerable to DoS via SMS image transfer
Overview Handspring Visors equipped with the VisorPhone Springboard module can crash when receiving large SMS images from other mobile devices. Description Handspring Visor is a Palm-OS-based personal digital assistant PDA that features a proprietary plug-in hardware expansion technology named...
Cherokee Web Server does not adequately validate user input thereby allowing remote command execution
Overview Cherokee does not properly validate HTTP requests. Attackers may exploit this vulnerability to execute arbitrary commands as root. Description Cherokee is a compact, open-source web server. Cherokee passes Uniform Resource Identifiers URI's from HTTP requests directly to the shell withou...
Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request
Overview Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...
Cherokee Web Server does not adequately validate user input thereby allowing directory traversal
Overview Cherokee contains a directory traversal vulnerability caused by failure to filter '../' character sequences. Description Cherokee is a compact, open-source web server. Cherokee does not filter '../' sequences from HTTP requests. As a result, it is possible for a remote attacker to reques...
EFTP does not adequately validate user input thereby allowing directory traversal
Overview Encrypted File Transfer Program EFTP does not properly validate CWD commands, allowing authenticated users to read arbitrary directories and files. Description Encrypted File Transfer Program EFTP is an implementation of the FTP protocol using 448-bit Blowfish encryption. EFTP allows...
Exim does not adequately validate user input thereby allow execution of arbitrary commands
Overview Under certain configurations, Exim may execute commands embedded in a mail message's From address. Description Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through...
AdCycle does not adequately validate user input thereby allowing for SQL injection
Overview AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...
Mac OS X utility gm4 contains format string vulnerability
Overview The gm4 utility of Mac OS X contains a buffer overflow, which may allow a root compromise through other programs. Description The gm4 utility of Mac OS X contains a buffer overflow. Some setuid root programs on Mac OS X may rely on gm4, possibly allowing a root compromise through these...
HP Tru64 UNIX "chfn" contains buffer overflow (SSRT2259)
Overview The HP Tru64 UNIX implementation of "chfn" contains a locally exploitable buffer overflow. Description A locally exploitable buffer overflow in "chfn" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --- Impact A local user may be...
Slash-based bulletin boards contain a "quick login" feature that may disclose username and password
Overview Slash-based bulletin boards contain a vulnerability that may cause users to disclose their username and password to third-party sites. Description As described in the Slashcode FAQ, "Slash is a database-driven news and message board, using Perl, Apache and MySQL." Slash allows web site...
Multiple vulnerabilities exist within credit card chips thereby allowing malicious user to bypass authentication mechanism
Overview French smart card reader terminals can be fooled into accepting imposter smart cards for payment. Description French smart cards are credit cards with an embedded chip containing certain cardholder, account, and authentication information. These cards are read by automated terminals acro...
Mike Spice's Vote does not adequately validate user input
Overview Mike Spice's Vote does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Vote to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Vote is a CGI script written in Perl and...
Mike Spice's My Calendar does not adequately validate user input
Overview Mike Spice's My Calendar does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause My Calendar to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's My Calendar is a CGI script...
Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
Overview Entrust GetAccess does not properly validate the CGI variable "LOCALE" and may be exploited to read arbitrary files on the server. Description Entrust GetAccess is a web software product for identifying users of a web site. Entrust GetAccess takes a CGI variable named "LOCALE" specifying...
Mike Spice's Quiz Me! does not adequately validate user input
Overview Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Quiz Me! is a CGI script written in...
Vandyke Software SecureCRT contains buffer overflow vulnerability in password handling code
Overview SecureCRT is vulnerable to buffer overflow from improper handling of long password input. Description SecureCRT is a terminal emulator and SSH client for Windows. If the SSH1 protocol is used and the user enters a password 300 characters or more in length, SecureCRT will crash, with the...
IBM AIX vulnerable to buffer overflow in RCP
Overview IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges. Description Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents. --- Impact...
Hewlett Packard JetDirect-enabled printers disclose Telnet/HTTP passwords in hex format via "SNMP READ" request
Overview Hewlett Packard HP printers store sensitive administrative account information in a variable that is served to any user that makes a certain SNMP request. Description HP JetDirect-enabled printers are configurable via HTTP and Telnet and accept SNMP requests. These printers store the...
IBM AIX FC contains buffer overflow exploitable during session setup
Overview The FC client in IBM's AIX contains a buffer overflow that may cause a core dump in the client. Description The IBM AIX FC client allows a buffer overflow of a few bytes in the client process, which could cause intermittent core dumps during session setup. Overflowing the buffer is...
IBM AIX vulnerable to buffer overflow in RPC routines
Overview IBM AIX contains a possible buffer-overflow vulnerability. Description Version 4.3 of IBM AIX has a possible buffer-overflow vulnerability in its RPC routines, due to use of an incorrect variable data type. No further information is available from the vendor. --- Impact The complete impa...
Nobreak CrazyWWWBoard contains buffer overflow via User-Agent field
Overview Some versions of CrazyWWWBoard contain a buffer-overflow vulnerability that can be exploited by a remote user to execute arbitrary code. Description CrazyWWWBoard is a binary CGI program that is designed to provide dynamic web bulletin board services on web servers. Versions 2000p4 and...
Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site
Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...