VARIoT IoT vulnerabilities database

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. IIS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Microsoft IIS of showcode.asp Passed source There is a vulnerability that allows arbitrary files to be viewed by specifying a relative path in the parameter.ASP You may get important information about the source code and system. IIS 4.0 installs a number of sample ASP scripts including one called "showcode.asp". This script allows clients to view the source of other sample scripts via a browser. The "showcode.asp" script does not perform sufficent checks and allows files outside the sample directory to be requested. In particular, it does not check for ".." in the path of the requested file. The script takes one parameter, "source", which is the file to view. The script's default location URL is: http://www.sitename.com/msadc/Samples/SELECTOR/showcode.asp Similar vulnerabilities have been noted in ViewCode.asp, CodeBrws.asp and Winmsdp.exe

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. IIS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. IIS is prone to a remote security vulnerability. Attackers can exploit this issue to perform unauthorized actions. This may aid in further attacks

It is reported that Cisco routers running versions 12.0 are affected by a vulnerability which allows packets to bypass input filter rules. When certain versions of Cisco IOS are configured with both input access lists and NAT, an interaction between different software bugs allows packets to bypass the input filter rules. This situation allows for a false sense of security by the administrators of affected devices. This may allow an attacker to circumvent access control restrictions, possibly aiding them in further compromise of protected computers.

The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button

Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. ini, (2) ModifyPassword registry entry under NAVMSE

In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters

Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time. Omniswitch is prone to a security bypass vulnerability. Xylan OmniSwitch prior to 3.2.6 is vulnerable

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration. Cisco 7Xx Routers is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. A remote attacker could exploit this vulnerability to change the router's configuration

Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. There are vulnerabilities in the Cisco 7xx series

IMail POP3 daemon uses weak encryption, which allows local users to read files. IMail is prone to a local security vulnerability

Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL. The IMail web server can be crashed by requesting an abnormally long URL. There is a buffer overflow vulnerability in Ipswitch IMail Service version 5.0

Denial of service of Ascend routers through port 150 (remote administration). Ascend Router is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition

Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL. Cisco Router is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. An attacker can use long URLs to cause a denial of service

Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. The IMail IMonitor service can be crashed by exploiting a buffer overflow vulnerability

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the 'DevTool/bin/instlserver' program, according to the environment variable 'INSTROOT', the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions. Several vendors have released versions of the Java Virtual Machine including Sun Microsystems and Netscape. A serious vulnerability exists in certain current versions of the JVM. It is exploited by an attacker who creates an applet which references an object using two pointers of incompatible type. This circumvents Java's typing rules, and can permit a malicious applet to undermine the normal java security measures on the victim's system. If the victim can be led to visit the attacker's website, the applet can be used by the attacker to assume control of the remote system, making it possible to read or overwrite data, and to run arbitrary code on the host machine

Denial of service in Windows NT IIS server using ..\.. Microsoft IIS From the client URI In ../.. If you receive a request that contains (Dos) There is a vulnerability that becomes a condition.Microsoft IIS Service disruption (DoS) It may be in a state. By requesting a malformed request comprised of '../..' the server service will stop responding. A restart of the service is required in order to gain normal functionality

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. This works because of the way the server calls the GetExtensionVersion() function the first time an ISAPI extension is loaded. Any user able to put a CGI script in the web structure can insert code that will be run as SYSTEM during this window

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this syntax would be: http://www.server.foo/showfile.asp?file=../../global.asa This vulnerability could be used to view the source code of ASP files or stream data into other ASP files on the web server