VARIoT IoT vulnerabilities database

VAR-200108-0065 | CVE-2001-0555 | ScreamingMedia SITEware does not adequately validate user input thereby allowing arbitrary file disclosure via directory traversal |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. In Microsoft IIS, when a URL redirect is processed, the Code Red worm can cause a denial-of-service (DoS) condition in the service, leaving Microsoft IIS in a DoS state. Due to the improper handling of URL redirection in IIS 4.0, it is possible to cause a host to stop responding.
This vulnerability is currently being exploited by the 'Code Red' worm. Upon the worm sending a request attempting to infect the target host, IIS 4.0 will improperly handle the unusual length of the request and fail.
A restart of the service is required in order to gain normal functionality.
It should be noted that the 'Code Red' worm attempts to exploit a previously discovered vulnerability (BID 2880). Due to a flaw in SiteWare Editor's Desk, it is possible for a user to gain read access to known files residing on a SiteWare host. This is accomplished by crafting a URL containing double dot '../' sequences along with the relative path to a known file
VAR-200106-0009 | CVE-2001-0001 | PHP-Nuke cookiedecode Function bypasses authentication and gains access to other user accounts |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. There is a vulnerability in the cookiedecode function in PHP-Nuke version 4.4
VAR-200108-0146 | CVE-2001-0622 | Cisco Content Service Switch Management Authentication Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. The Cisco Content Service Switch is an enterprise level web content switch, designed for load balancing and use as a frontend to a redundant web farm. It was previously manufactured by Arrowpoint.
A problem with the switch can make it possible for a user to gain elevated privileges. Due to insufficient authentication checking, a user can bookmark the URL he or she is redirected to, and access the switch via that URL without authentication
VAR-200110-0029 | CVE-2001-0750 | Cisco IOS vulnerable to deferred DoS via SYN scan to certain TCP port ranges |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. It is maintained by Cisco Systems. By initiating a TCP scan against ports 3100-3999, 5100-5999, 7100-7999, and 10100-10999 on a piece of Cisco hardware, the router becomes unstable and suffers memory corruption. Upon the next attempt to access the configuration, the router will unexpectedly reload the configuration.
This problem makes it possible for a remote user to cause an arbitrary reload of the router configuration, and potentially deny service to network assets
VAR-200108-0145 | CVE-2001-0621 | Cisco Content Service switch FTP Access control vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. The Cisco Content Service (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches.
A problem with the switch could allow non-privileged users to upload files to the switch. The switch allows any user with a valid account to use the FTP PUT and GET functions.
This problem makes it possible for a remote user to overwrite local files, or gain access to sensitive files
VAR-200109-0058 | CVE-2001-0646 | Maxum Rumpus FTP Server service denial vulnerability |
Related entries in the VARIoT exploits database: VAR-E-200105-0081 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length. Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections.
It is possible to log in remotely to the server and shut down the service by making a directory with a name that is 65 characters long. Users must be authenticated to engage this attack
VAR-200109-0056 | CVE-2001-0644 | Maxum Rumpus FTP Server elevation privilege vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections.
Passwords are stored in plaintext format in the prefs folder
VAR-200106-0115 | CVE-2001-0333 | IIS decodes filenames superfluously after applying security checks |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
When IIS receives a CGI filename request, it automatically performs two actions before completing the request:
1. IIS decodes the filename to determine the filetype and the legitimacy of the file. IIS then carries out a security check.
2. When the security check is completed, IIS decodes CGI parameters.
A flaw in IIS involves a third undocumented action: Typically, IIS decodes only the CGI parameter at this point, yet the previously decoded CGI filename is mistakenly decoded twice. If a malformed filename is submitted and circumvents the initial security check, the undocumented procedure will decode the malformed request, possibly allowing the execution of arbitrary commands.
Note that arbitrary commands will be run with the IUSR_machinename account privileges. Reportedly, various encoding combinations under Windows 2000 Server and Professional may yield different outcomes.
Personal Web Server 1.0 and 3.0 are reported vulnerable to this issue.
The worm Nimda (and variants) actively exploits this vulnerability
VAR-200106-0117 | CVE-2001-0335 | Microsoft IIS FTP service searches all trusted domains for user accounts |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
A user attempting to authenticate using a valid login name appended with specially chosen characters will not be required to specify the domain to which the account belongs. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain
VAR-200107-0127 | CVE-2001-0347 | Microsoft IIS FTP service searches all trusted domains for user accounts |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. In the Microsoft Windows Telnet service, a flaw in the implementation of domain authentication means that a legitimate user account with a special character string appended is not asked for domain authentication when logging in to the domain to which the account belongs. Instead of authenticating, the Telnet service searches the server's domain and all domains trusted by it for the user account, allowing those domains to be enumerated. There is a possibility of unauthorized login to the system. Once the account is located, the user will have to complete the authentication process. At this point brute force attacks can be used in an attempt to gain access to the domain
VAR-200109-0061 | CVE-2001-0650 | Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco devices running IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with an unrecognized transitive attribute. There is a denial-of-service vulnerability in several specific but common configurations of Cisco IOS. IOS is the firmware designed for Cisco routers. IOS is router-specific firmware designed to give network administrators the ability to configure and control Cisco routers.
A problem in IOS can allow remote users to crash Cisco routers.
This problem makes it possible for a remote user to crash Cisco routers using BGP, and deny service to legitimate users
VAR-200105-0041 | CVE-2001-1333 | Linux CUPS Unable to handle temporary file vulnerabilities safely |
CVSS V2: 1.2 CVSS V3: - Severity: LOW |
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. CUPS is prone to a local security vulnerability.
A local attacker may exploit this issue to perform unauthorized actions. Common Unix Printing System (CUPS) is a common Unix printing system and a cross-platform printing solution in the Unix environment. It is based on the Internet Printing Protocol and provides most PostScript and raster printer services. This vulnerability is different from CVE-2001-1333
VAR-200109-0119 | CVE-2001-0508 | Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning (WebDAV) request. WebDAV contains a flaw in the handling of certain malformed requests. This vulnerability has been known to affect the server performance and could lead to a denial of service condition, however this has not been verified
VAR-200110-0021 | CVE-2001-0741 | Hot Standby Router Protocol (HSRP) uses weak authentication |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP). It is designed to offer traffic rerouting services to networks when one router within a pool ceases to operate, and users of the network segment aren't using ICMP Router Discovery Protocol to find the new router handling traffic for their segment. By eavesdropping on HSRP management messages sent over the network, it is possible to create a spoofed message that will reroute all network traffic to a particular system. By doing so, it is possible to prevent traffic from entering or leaving that network.
This problem makes it possible for a system local to the network to deny service to legitimate users of that network segment
VAR-200105-0024 | CVE-2001-0228 | GoAhead web server Directory traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. GoAhead WebServer is prone to a directory traversal vulnerability
VAR-200105-0097 | CVE-2001-0292 | PHP-Nuke Leak password vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. PHP-Nuke is prone to a remote security vulnerability. PHP-Nuke 4.4.1a is vulnerable
VAR-200105-0066 | CVE-2001-0320 | PHP-Nuke Permission vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allow remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. PHP-Nuke is prone to a remote security vulnerability. Vulnerabilities exist in bb_smilies.php and bbcode_ref.php in PHP-Nuke version 4.4
VAR-200412-1218 | CVE-2004-1775 | Cisco IOS/CatOS exposes read-write SNMP community string via traversal of View-based Access Control MIB (VACM) using read-only community string |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both. Cisco IOS and CatOS are the network firmware developed and maintained by Cisco.
The problem involves the design of the View Access Control MIB (VACM) used by Cisco firmware. Under some circumstances, it may be possible for a remote user to gain access to the Read-Write password. This could allow an attacker to change configuration settings on the device
VAR-200104-0018 | No CVE | Microsoft ISA Server Proxy Service Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
When the length of a certain type of Web request exceeds a certain value, the Web Proxy Service (W3PROXY.EXE) of Microsoft ISA Server cannot properly handle it, a heap overflow occurs, and the service will generate an illegal access and crash. This will block all incoming and outgoing web proxy requests until the service is restarted. This vulnerability can only be exploited from the Internet when the "Web Publishing" feature is turned on, and this feature is disabled by default. An attacker would also be unable to exploit this vulnerability to access protected resources through a firewall. Other services in ISA Server are not affected. Source: Richard Reiner, Graham Wiseman, Matthew Siemens, Kent Nicolson, http://www.securexpert.com. MS01-021: http://www.microsoft.com/technet/security/bulletin/MS01-021.asp
VAR-200107-0019 | CVE-2001-1097 | Lotus Domino vulnerable to DoS via many large connects sent to 63148/TCP |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco routers and switches running IOS 12.0 through 12.2.1 allow a remote attacker to cause a denial of service via a flood of UDP packets. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs.
"The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop.
As a result, the user will remain unable to receive new email messages from the affected POP3 account. A potential denial of service condition may exist in Cisco's IOS firmware.
The problem reportedly occurs when a large number of UDP packets are sent to a device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful