Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components, Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain what are equivalent to directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way.
f2562bfaf09eac881c34bf6c3fc7b51eb464aca2b3cb81446d72d5bf1fc82e7c
There is a vulnerability in Oracle Web Listener where a resource can be accessed when it shouldn't be able to be accessed.
edbaf44df750aefe719e9ff3f21674bad0f77af1f4d13f12053ddc777bd9e89b
FormHandler.cgi uses hard-coded physical path names for templates, so it is possible to read any file on the system.
982f352a5e509b2e9e1fc85b0d6714be542e0e546c96f5882dc578ee003c3f13
IPC$Crack Ver 2.0 - IPC$Crack is a command-line program that uses a dictionary-based attack to attempt to learn the password of an account on an NT box. For Win95/98/NT.
b141ab9059995c591e00554e024aaf21aa112f1df6acde66e65fb8f3395a5324
Bad permissions on Windows NT ProfileList registry subkeys allow any malicious NT user to cause other users of the system to load a "trojaned" profile that could lead to a system compromise. Exploit description and vendor solution included.
54057eb398a0eeecb0fcb718eabe86ff4593d8772f67adaac7ec2fed79e5fad7
Microsoft's Index Server 2.0 allows anybody to discover the physical path to directories being indexed, or if a directory found in a network share is being indexed, they can learn the name of the machine on which the share resides and the name of the user account used to access that share on behalf of Index and Internet Information Server 4.
1d0ab1349677a5f4764c564c47751f2d857b11dce433226ba5d17336d4e2c794