CVE Cross Reference 1999
The information on this page may be obsolete. For the current documentation, please log into the mySAINT portal using your customer login and password.
Current CVEs
| CVE Description | SAINT®® Tutorial | SAINT®® Vuln. ID | SANS Top 20 | ||
 |
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. |
mountd vulnerabilities |
rpc_mountd | ||
 |
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
tooltalk version |
rpc_tooltalkbo | ||
|
Arbitrary command execution via IMAP buffer overflow in authenticate command. |
imap version |
mail_imap_bo | ||
|
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. |
pop version |
mail_pop_qpop mail_pop_two |
||
|
Buffer overflow in NIS+, in Sun's rpc.nisd program. |
nisd vulnerability |
rpc_nisd | ||
|
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. |
SSH AttachmateWRQ vulnerabilities SSH vulnerabilities |
shell_ssh_fsecure shell_ssh_ssh |
||
 |
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
FTP bounce |
ftp_bounce | ||
|
Buffer overflow in statd allows root privileges. |
rpc statd access |
rpc_statd | ||
|
Delete or create a file via rpc.statd, due to invalid information. |
rpc statd access |
rpc_statd | ||
|
Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. |
http cgi access |
web_prog_cgi_count | ||
|
DNS cache poisoning via BIND, by predictable query IDs. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
FTP vulnerabilities |
ftp_wuftpold | ||
|
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter. |
http cgi access |
web_prog_cgi_webdist | ||
|
Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
imap version pop version |
mail_imap_bo mail_pop_two mail_pop_uw |
||
|
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
innd vulnerabilities |
misc_inndbo | ||
|
List of arbitrary files on Web host via nph-test-cgi script. |
http cgi info |
web_prog_cgi_nphtestcgi | ||
|
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. |
talk vulnerabilities |
misc_talk | ||
|
Buffer overflow in PHP cgi program, php.cgi allows shell access. |
http cgi access |
web_prog_php_phpcgi | ||
|
IRIX fam service allows an attacker to obtain a list of all files on the server. |
SGI fam vulnerability |
rpc_sgifam | ||
|
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
BSD lpd Linux lpd |
printer_bsdlpd printer_linuxlpd |
||
|
AnyForm CGI remote execution. |
http cgi access |
web_prog_cgi_anyform web_prog_cgi_anyformtwo |
||
|
phf CGI program allows remote command execution through shell metacharacters. |
http cgi access |
web_prog_cgi_phf | ||
|
test-cgi program allows an attacker to list files on the server. |
http cgi info |
web_prog_cgi_testcgi | ||
|
Predictable TCP sequence numbers allow spoofing. |
TCP sequence number prediction |
misc_tcpseq | ||
|
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. |
FTP vulnerabilities |
ftp_wuftpold | ||
|
The debug command in Sendmail is enabled, allowing attackers to execute commands as root. |
Sendmail vulnerabilities |
mail_smtp_debug | ||
|
Sendmail decode alias can be used to overwrite sensitive files. |
sendmail decode |
mail_smtp_decode | ||
|
Remote access in AIX innd 1.5.1, using control messages. |
innd vulnerabilities |
misc_inndbo | ||
|
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. |
packet flooding problems |
net_chargen | ||
|
finger allows recursive searches by using a long string of @ symbols. |
finger redirection |
misc_finger_redirect | ||
|
Finger redirection allows finger bombs. |
finger redirection |
misc_finger_redirect | ||
|
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
Local users can start Sendmail in daemon mode and gain root privileges. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. |
http cgi access |
web_prog_cgi_campas | ||
|
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. |
http cgi access |
web_prog_cgi_handler | ||
|
The handler CGI program in IRIX allows arbitrary command execution. |
http cgi access |
web_prog_cgi_aglimpse | ||
|
The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. |
http cgi info |
web_prog_cgi_wrap | ||
|
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
NFS export via portmapper |
rpc_nfs_portmap | ||
|
FormMail CGI program allows remote execution of commands. |
http cgi access |
web_prog_cgi_formmail | ||
|
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
http cgi access |
web_prog_cgi_viewsource | ||
|
The Webgais program allows a remote user to execute arbitrary commands. |
http cgi access |
web_prog_cgi_webgais | ||
|
The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
http cgi access |
web_prog_cgi_uploader | ||
|
Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. |
http cgi access |
web_prog_cgi_wincsample | ||
|
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver | ||
|
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
Guessable Read Community Guessable Write Community |
net_snmp_read net_snmp_write |
||
|
IIS newdsn.exe CGI script allows remote users to overwrite files. |
http IIS samples |
web_prog_iis_newdsn | ||
|
websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). |
http cgi access |
web_prog_cgi_websendmail | ||
|
finger 0@host on some systems may print information on some user accounts. |
excessive finger info |
misc_finger_zero | ||
|
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. |
Solaris rpc ypupdated vulnerabilities |
misc_solaris_rpcypupdated | ||
|
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
rpc statd access |
rpc_statd | ||
|
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. |
Serv U vulnerabilities |
ftp_servu | ||
|
Remote execution of arbitrary commands through Guestbook CGI program. |
http potential problems |
web_prog_cgi_guestbook | ||
|
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. |
SSH AttachmateWRQ vulnerabilities SSH vulnerabilities |
shell_ssh_fsecure shell_ssh_ssh |
||
|
A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. |
Guessable Read Community Guessable Write Community |
net_snmp_openview net_snmp_openvieww net_snmp_read |
||
|
The jj CGI program allows command execution via shell metacharacters. |
http cgi access |
web_prog_cgi_jj | ||
|
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. |
http cgi access |
web_prog_cgi_faxsurvey | ||
|
htmlscript CGI program allows remote read access to files. |
http cgi access |
web_prog_cgi_htmlscript | ||
|
The info2www CGI script allows remote file access or remote command execution. |
http cgi access |
web_prog_cgi_info2www | ||
|
Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. |
http cgi access |
web_prog_cgi_pfdispaly | ||
|
Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. |
http potential problems |
web_prog_cgi_excite | ||
|
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. |
Open proxy |
misc_wingate | ||
|
Buffer overflow in FreeBSD lpd through long DNS hostnames. |
BSD lpd |
printer_bsdlpd | ||
|
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. |
calendar manager |
rpc_cmsd | ||
|
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. |
HP Omniback vulnerabilities |
net_omniback | ||
|
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. |
FTP vulnerabilities ProFTPD vulnerabilities |
ftp_beroftp ftp_proftpold ftp_wuftpold |
||
|
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. |
http Cold Fusion |
web_prog_cfm_exprcalc | ||
|
The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. |
Guessable Read Community |
net_snmp_read | ||
|
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |
http Cold Fusion |
web_prog_cfm_openfile | ||
|
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
rpc statd access |
rpc_statd | ||
|
Anonymous FTP is enabled. |
Anonymous FTP |
ftp_anonymous | ||
|
A Unix account has a guessable password. |
guessed account password |
pass_guessed | ||
|
A Unix account has a default, null, blank, or missing password. |
guessed account password |
pass_none | ||
|
A Windows NT local user or administrator account has a guessable password. |
guessed account password |
pass_win | ||
|
A Windows NT local user or administrator account has a default, null, blank, or missing password. |
guessed account password |
pass_winnone | ||
|
A Windows NT domain user or administrator account has a guessable password. |
guessed account password |
pass_win | ||
|
A Windows NT domain user or administrator account has a default, null, blank, or missing password. |
guessed account password |
pass_winnone | ||
|
An account on a router, firewall, or other network device has a guessable password. |
default device password |
net_asantepass net_avayapass net_axispass net_dynalinkpass net_gatewaypass net_netgearzebra net_netscreennetscreen net_password net_prestige net_utstarcom net_verticalpass |
||
|
An account on a router, firewall, or other network device has a default, null, blank, or missing password. |
default device password |
net_asantepass net_avayapass net_axispass net_dynalinkpass net_gatewaypass net_netgearzebra net_netscreennetscreen net_password net_prestige net_utstarcom net_verticalpass |
||
|
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
http cgi shells |
web_prog_shell_ash web_prog_shell_bash web_prog_shell_csh web_prog_shell_ksh web_prog_shell_perl web_prog_shell_perlexe web_prog_shell_sh web_prog_shell_tcsh web_prog_shell_zsh |
||
|
A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. |
SMTP mail relay SMTP turn |
mail_smtp_relay mail_smtp_turn |
||
|
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
packet flooding problems |
net_smurf | ||
|
UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. |
packet flooding problems |
net_fraggle | ||
|
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. |
remote shell access |
shell_r_trust shell_r_usertrust |
||
|
An SNMP community name is guessable. |
Guessable Read Community Guessable Write Community |
net_snmp_read net_snmp_write |
||
|
An SNMP community name is the default (e.g. public), null, or missing. |
Guessable Read Community Guessable Write Community Cisco IOS SNMP access |
net_snmp_ilmi net_snmp_ilmiw net_snmp_ios net_snmp_nogah net_snmp_nogahw net_snmp_openview net_snmp_openvieww net_snmp_read net_snmp_write |
||
|
A NETBIOS/SMB share password is the default, null, or missing. |
open SMB shares |
win_share | ||
|
A system-critical NETBIOS/SMB share has inappropriate access control. |
open SMB shares |
win_rwshare win_share |
||
|
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. |
ICMP information disclosure |
misc_icmp_netmask misc_icmp_timestamp |
||
|
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
unrestricted X server access |
misc_xhost | ||
|
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. |
writable FTP directory |
ftp_writable | ||
|
A DNS server allows zone transfers. |
DNS zone transfer |
dns_transfer | ||
|
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. |
Windows account rights Note: Authentication is required to detect this vulnerability |
win_policy_rights_debug win_policy_rights_driver win_policy_rights_lock win_policy_rights_os win_policy_rights_own win_policy_rights_priority win_policy_rights_ptoken win_policy_rights_share win_policy_rights_token win_policy_rights_trav |
||
|
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. |
Windows account policy |
win_policy_account_passcomplex win_policy_account_passhist win_policy_account_passlen win_policy_account_passmax win_policy_account_passmin |
||
|
NFS exports system-critical data to the world, e.g. / or a password file. |
unrestricted NFS export |
rpc_nfs_unres | ||
|
The registry in Windows NT can be accessed remotely by users who are not administrators. |
registry access |
win_registry | ||
|
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file. |
http server autoindex |
web_security_autoindex | ||
|
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking. |
Windows auditing Note: Authentication is required to detect this vulnerability |
win_policy_audit_acctmgmt win_policy_audit_acctmgmtfail win_policy_audit_enabled win_policy_audit_logon win_policy_audit_logonfail win_policy_audit_objaccess win_policy_audit_objaccessfail win_policy_audit_policy win_policy_audit_policyfail win_policy_audit_system win_policy_audit_systemfail |
||
|
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. |
Windows account policy |
win_policy_account_lockout | ||
|
A Windows NT administrator account has the default name of Administrator. |
Windows default account names |
win_policy_account_adminrename | ||
|
A system-critical Windows NT registry key has inappropriate permissions. |
Windows registry permissions registry access Note: Authentication is required to detect this vulnerability |
win_policy_perm_run win_policy_perm_runonce win_policy_perm_schedule win_policy_perm_uninstall win_registry |
||
|
The Logon box of a Windows NT system displays the name of the last user who logged in. |
last user name disclosure Note: Authentication is required to detect this vulnerability |
win_policy_account_lastuser | ||
|
A version of finger is running that exposes valid user information to any entity on the network. |
excessive finger info |
misc_finger_info | ||
|
The rpc.sprayd service is running. |
sprayd vulnerability |
rpc_sprayd | ||
|
The rexec service is running. |
rexec on the Internet |
shell_r_rexec | ||
|
The rstat/rstatd service is running. |
rstatd vulnerability |
rpc_rstatd | ||
|
The rpc.rquotad service is running. |
rquotad vulnerability |
rpc_rquotad | ||
|
A version of rusers is running that exposes valid user information to any entity on the network. |
rusersd vulnerability |
rpc_rusers | ||
|
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
REXD access |
rpc_rexd | ||
|
The ident/identd service is running. |
auth vulnerability Note: Authentication is required to detect this vulnerability |
misc_identsvc | ||
|
The NT Alerter and Messenger services are running. |
NT Alerter and Messenger Services vulnerability Note: Authentication is required to detect this vulnerability |
misc_messengersvc | ||
|
The RPC portmapper service is running. |
sunrpc portmapper vulnerability Note: Authentication is required to detect this vulnerability |
misc_sunrpcsvc | ||
|
The echo service is running. |
echo vulnerability Note: Authentication is required to detect this vulnerability |
misc_echosvc | ||
|
The discard service is running. |
discard vulnerability Note: Authentication is required to detect this vulnerability |
misc_discardsvc | ||
|
The systat service is running. |
systat vulnerability Note: Authentication is required to detect this vulnerability |
misc_systatsvc | ||
|
The daytime service is running. |
daytime vulnerability Note: Authentication is required to detect this vulnerability |
misc_daytimesvc | ||
|
The chargen service is running. |
packet flooding problems |
net_chargen | ||
|
The Gopher service is running. |
gopher vulnerabilities |
misc_gophersvc | ||
|
The UUCP service is running. |
uucp vulnerability Note: Authentication is required to detect this vulnerability |
misc_uucpsvc | ||
|
The rsh/rlogin service is running. |
remote login on the Internet remote shell on the Internet |
shell_r_rlogin shell_r_rsh |
||
|
A component service related to NIS+ is running. |
nisd vulnerability |
rpc_nisdsvc | ||
|
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. |
Windows updates needed Microsoft Office vulnerabilities Internet Explorer vulnerabilities License Logging Service Windows Locator vulnerability NetDDE vulnerability WINS vulnerability Note: Authentication is required to detect this vulnerability |
win_patch_authenticode win_patch_bytecode win_patch_certvalid win_patch_com win_patch_connman win_patch_cursor win_patch_debugger win_patch_dhtmledit win_patch_directx win_patch_excel win_patch_gdiplus win_patch_hcp win_patch_help win_patch_helpcenter win_patch_htmlconv win_patch_htmlhelp win_patch_htmlhelpcross win_patch_hyperlink win_patch_hyperterm win_patch_ie_crossdom win_patch_ie_css win_patch_ie_dhtml win_patch_ie_modal win_patch_ie_patch win_patch_ie_srcbo win_patch_ie_travellog win_patch_indexing win_patch_jdbc win_patch_jet win_patch_jetiv win_patch_kerneldebug win_patch_kernelpe win_patch_liclog win_patch_listbox win_patch_locator win_patch_mciwndx win_patch_mdac win_patch_messenger win_patch_ms04011 win_patch_msasn1 win_patch_netdde win_patch_netmeeting win_patch_nt4sp6asrp1 win_patch_ntdll win_patch_ntrpc win_patch_officexp win_patch_ole win_patch_posixbo win_patch_rasphonebook win_patch_redirect win_patch_rpc win_patch_rpcdos win_patch_rpcrunlib win_patch_rpcss win_patch_shareprovider win_patch_shell win_patch_shellapp win_patch_shellclsid win_patch_shellexecute win_patch_shellpath win_patch_skins win_patch_sp2srp1 win_patch_taskbo win_patch_troubleshooter win_patch_uncprovider win_patch_upnp win_patch_urlscript win_patch_utility win_patch_wins win_patch_wmf win_patch_wmppng win_patch_wordpadwfwc win_patch_workstation win_patch_wpconv win_patch_xpshell win_patch_zipfolder |
||
|
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges. |
tooltalk version |
rpc_tooltalkbo | ||
|
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). |
calendar manager |
rpc_cmsd | ||
|
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
amd buffer overflow |
rpc_amd | ||
|
Buffer overflow in INN inews program. |
innd vulnerabilities |
misc_inndbo | ||
|
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. |
Squid vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_proxy_squid | ||
|
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
http IIS samples |
web_prog_iis_showcode | ||
|
The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
http IIS samples |
web_prog_iis_code | ||
|
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
http IIS samples |
web_prog_iis_codebrws web_prog_iis_sdkcodebrws |
||
|
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. |
Netscape vulnerabilities |
web_server_netscape_fasttrack web_server_netscape_netscape |
||
|
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. |
Netscape vulnerabilities |
web_server_netscape_fasttrack web_server_netscape_netscape |
||
|
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. |
Netscape vulnerabilities |
web_server_netscape_fasttrack web_server_netscape_netscape |
||
|
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. |
http Cold Fusion |
web_prog_cfm_startstop | ||
|
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. |
Netscape vulnerabilities |
web_server_netscape_fasttrack web_server_netscape_netscape |
||
|
The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. |
Compaq Insight Manager http server |
web_tool_cim | ||
|
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
Compaq Insight Manager http server |
web_tool_cim | ||
|
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
Oracle TNS Listener |
database_oracle_tns | ||
|
Buffer overflow in AIX ftpd in the libc library. |
AIX FTP vulnerabilities |
ftp_aix | ||
|
Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options. |
dhcpd vulnerabilities |
misc_dhcp | ||
|
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. |
mountd vulnerabilities |
rpc_nfsd | ||
|
Buffer overflow in BIND 8.2 via NXT records. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. |
SSH vulnerabilities |
shell_ssh_ssh | ||
|
Denial of service in BIND named via malformed SIG records. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Denial of service in BIND by improperly closing TCP sessions via so_linger. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command. |
Serv U vulnerabilities |
ftp_servu | ||
|
Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Denial of service in BIND named via maxdname. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Denial of service in BIND named via naptr. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindbo dns_potential |
||
|
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. |
Netscape vulnerabilities |
web_server_netscape_fasttrack web_server_netscape_netscape |
||
|
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. |
innd vulnerabilities |
misc_inndbo | ||
|
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. |
http IIS access Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_iis | ||
|
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. |
FTP vulnerabilities ProFTPD vulnerabilities |
ftp_beroftp ftp_proftpold ftp_wuftpold |
||
|
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. |
FTP vulnerabilities ProFTPD vulnerabilities |
ftp_beroftp ftp_proftpold ftp_wuftpold |
||
|
Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
FTP vulnerabilities ProFTPD vulnerabilities |
ftp_beroftp ftp_proftpold ftp_wuftpold |
||
|
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine. |
Zeus vulnerabilities |
web_server_zeus | ||
|
The Zeus web server administrative interface uses weak encryption for its passwords. |
Zeus vulnerabilities |
web_server_zeus | ||
|
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |
ProFTPD vulnerabilities |
ftp_proftpold | ||
|
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. |
http Cold Fusion |
web_prog_cfm_sourcewindow | ||
|
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. |
http Cold Fusion |
web_prog_cfm_viewex | ||
|
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. |
http Cold Fusion |
web_prog_cfm_syntax | ||
|
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |
WFTPD vulnerabilities |
ftp_wftpd | ||
|
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands. |
http cgi access |
web_prog_cgi_imagemap | ||
|
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. |
http cgi info |
web_prog_cgi_wwwboard | ||
|
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. |
FTP vulnerabilities |
ftp_wuftpold | ||
|
The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created. |
OmniHTTPd vulnerabilities |
web_server_omni | ||
|
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file. |
Exim vulnerability |
mail_smtp_eximbo | ||
|
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. |
sadmind |
rpc_sadmind | ||
|
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
|
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. |
ODBC RDS |
web_server_rds | ||
|
SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." |
SSH vulnerabilities |
shell_ssh_ssh | ||
|
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf. |
Internet Anywhere vulnerabilities |
mail_pop_iaemailserver mail_smtp_iaemailserver |
||
|
Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences. |
Squid vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_proxy_squid | ||
|
Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
|
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
http FrontPage |
web_cms_fp_fpcount | ||
|
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. |
http server read access |
web_server_read | ||
|
Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function. |
thttpd vulnerabilities |
web_server_thttpd | ||
|
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. |
Squid vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_proxy_squid | ||
|
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver | ||
|
Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments. |
Internet Anywhere vulnerabilities |
mail_pop_iaemailserver |
: A dangerous check is available for this vulnerability.