Came across a few interesting tidbits in the Internet Security Systems report that I am subscribed to. If you're not already subscribed, you should be.
Date Reported: 09/18/2002
Brief Description: HAMweather hwadmin.cgi script allows Web
administration access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Unix Any version, HAMweather
2.x
Vulnerability: hamweather-hwadmin-web-admin
X-Force URL: http://www.iss.net/...ter/static/10182.php
Date Reported: 09/22/2002
Brief Description: phpWebSite modsecurity.php could be used to include
remote PHP files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, modsecurity.php prior to 1.11,
Unix Any version, phpWebSite Stable - 0.8.2
Vulnerability: phpwebsite-modsecurity-file-include
X-Force URL: http://www.iss.net/...ter/static/10164.php
Date Reported: 09/23/2002
Brief Description: HP VVOS Apache mod_ssl denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Apache HTTP Server Any version, HP-UX 11.04 VVOS,
HP VirtualVault 4.5, HP VirtualVault 4.6
Vulnerability: hp-vvos-modssl-dos
X-Force URL: http://www.iss.net/...ter/static/10206.php
Date Reported: 09/24/2002
Brief Description: vBulletin calendar.php could allow remote command
execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, vBulletin 2.2.0 and earlier
Vulnerability: vbulletin-calendar-command-execution
X-Force URL: http://www.iss.net/...ter/static/10176.php
Date Reported: 09/24/2002
Brief Description: PHP-Nuke search request cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, PHP-Nuke 6.0
Vulnerability: phpnuke-search-xss
X-Force URL: http://www.iss.net/...ter/static/10177.php
Date Reported: 09/25/2002
Brief Description: PHP-Nuke modules.php script SQL injection denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Unix Any version, PHP-Nuke 6.0 and earlier
Vulnerability: phpnuke-modules-sql-dos
X-Force URL: http://www.iss.net/...ter/static/10193.php
For info about subcribing to this list, go to:
http://www.iss.net/
========================================
Buh Bye!
Cheers,
Me
Quote:
Date Reported: 09/18/2002
Brief Description: HAMweather hwadmin.cgi script allows Web
administration access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, Unix Any version, HAMweather
2.x
Vulnerability: hamweather-hwadmin-web-admin
X-Force URL: http://www.iss.net/...ter/static/10182.php
Date Reported: 09/22/2002
Brief Description: phpWebSite modsecurity.php could be used to include
remote PHP files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, modsecurity.php prior to 1.11,
Unix Any version, phpWebSite Stable - 0.8.2
Vulnerability: phpwebsite-modsecurity-file-include
X-Force URL: http://www.iss.net/...ter/static/10164.php
Date Reported: 09/23/2002
Brief Description: HP VVOS Apache mod_ssl denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Apache HTTP Server Any version, HP-UX 11.04 VVOS,
HP VirtualVault 4.5, HP VirtualVault 4.6
Vulnerability: hp-vvos-modssl-dos
X-Force URL: http://www.iss.net/...ter/static/10206.php
Date Reported: 09/24/2002
Brief Description: vBulletin calendar.php could allow remote command
execution
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, vBulletin 2.2.0 and earlier
Vulnerability: vbulletin-calendar-command-execution
X-Force URL: http://www.iss.net/...ter/static/10176.php
Date Reported: 09/24/2002
Brief Description: PHP-Nuke search request cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, PHP-Nuke 6.0
Vulnerability: phpnuke-search-xss
X-Force URL: http://www.iss.net/...ter/static/10177.php
Date Reported: 09/25/2002
Brief Description: PHP-Nuke modules.php script SQL injection denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Unix Any version, PHP-Nuke 6.0 and earlier
Vulnerability: phpnuke-modules-sql-dos
X-Force URL: http://www.iss.net/...ter/static/10193.php
For info about subcribing to this list, go to:
http://www.iss.net/
========================================
Buh Bye!
Cheers,
Me
IIS Security Report: Interesting reports for Programmers/Users (example: Perl/PHP)