漏洞类别:CGI漏洞等级: 漏洞信息 "shtml.exe" is a component of the Frontpage package. Microsoft IIS Versions 4.0 and 5.0 contain a vulnerability that may disclose the local path of HTML, HTM, ASP and SHTML files. Requesting a non-existent file from shtml.dll will result in …
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS Version 5.0 has a dedicated scripting engine for advanced file types, such as ASP, ASA, and HTR files. The scripting engine handles requests for these file types, processes them accordingly, and then executes them on the…
漏洞类别:Web server漏洞等级: 漏洞信息 The remote Web server appears to be running with Frontpage Extensions. On a default installation of Frontpage Extensions, a virtual directory "/_vti_bin/" is created. Most scanner tools scan this directory because vulnerabilities have…
漏洞类别:Web server漏洞等级: 漏洞信息 The remote Web server appears to be running with Frontpage Extensions. On a default installation of Frontpage Extensions, a virtual directory /_vti_pvt/ is created. It may contain configuration files and encrypted password files. Unsp…
漏洞类别:Web server漏洞等级: 漏洞信息 If this is reported as a vulnerability, the "iissamples" directory is found present on your Microsoft IIS Web server. If this is reported as a potential vulnerability, the "iissamples" directory is probably present, based on the HTTP …
漏洞类别:Web server漏洞等级: 漏洞信息 On a default installation of Microsoft IIS (Internet Information Server) Version 4, the "/iisadmpwd" virtual directory is created. For IIS Version 5, although not installed by default, this can be easily created manually. This package…
漏洞类别:Web server漏洞等级: 漏洞信息 CGI scripts are usually placed in the cgi-bin Web directory. Listing of files in your cgi-bin directory is allowed. 漏洞危害 By browsing the cgi-bin directory, unauthorized users can obtain a list of all CGI scripts present on your server…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS (Internet Information Server) widely uses Active Server Pages (ASP). These scripts are similar to PHP pages on Apache servers. Microsoft IIS Versions 3.0 and 4.0 contain a vulnerability that allows unauthorized users to …
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS (Internet Information Server) Version 4.0 ships with an ISAPI application called webhits.dll, which provides hit-highlighting functionality for Index Server. webhits.dll dispatches files with an .htw extension. webhits.d…
漏洞类别:Web server漏洞等级: 漏洞信息 The Microsoft IIS Web server discloses its absolute path when responding to a request for a non-existent ida or idq file. 漏洞危害 By exploiting this vulnerability, unauthorized users can exploit the absolute path of the Web server to imp…
漏洞类别:Web server漏洞等级: 漏洞信息 A component of Microsoft IIS Index Server allows unauthorized users to dump the contents of any file on the Web site. This vulnerability is contained in the 'null.htw' file, which can be tricked into disclosing ASP source code. 漏洞危害 I…
漏洞类别:Web server漏洞等级: 漏洞信息 Zeus Web Server is a scalable, high-performance Web server software by Zeus Technology. Versions 3.1 through 3.3.5 contain a vulnerability that discloses the source of CGI scripts. 漏洞危害 Unauthorized users can view the sources of every…
漏洞类别:Web server漏洞等级: 漏洞信息 Htimage.exe and Imapemap.exe are components of the Microsoft FrontPage 97 and 98 Server Extensions. They provide server side image mapping support for legacy browsers. These components contain unchecked buffers that could be exploited…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft Index Server is a search engine that is integrated with Microsoft IIS (Internet Information Server) and Windows NT. It allows users to perform full-text searches of online sites using their browsers. Index Server Versions 4.…
漏洞类别:Web server漏洞等级: 漏洞信息 Savant is a freeware, open-source, Web server that runs on Windows 95, 98, ME, NT, and 2000. Savant Web Server Version 2.0 is vulnerable to a buffer overflow. 漏洞危害 If successfully exploited, unauthorized remote users can shut down the…
漏洞类别:Web server漏洞等级: 漏洞信息 ZBSoft's ZBServer software allows standard network Windows computer users to install, configure and manage their own Internet/Intranet server. The ZBServer Pro Web Server Version 1.5 is vulnerable to a buffer overflow. 漏洞危害 If success…
漏洞类别:Web server漏洞等级: 漏洞信息 PHP is a scripting language used with Web servers. PHP's security mode (called safe_mode) can be bypassed. This vulnerability is particularly severe for ISPs or dedicated servers hosting Web pages that enable their users to create PHP…
漏洞类别:Web server漏洞等级: 漏洞信息 The Microsoft IIS Web server discloses its absolute path when responding to a request for a non-existent URL that would be interpreted by Perl (perl.exe). 漏洞危害 By exploiting this vulnerability, unauthorized users can exploit the absol…
漏洞类别:CGI漏洞等级: 漏洞信息 A vulnerability exists in the sample cgi-bin program, phf, which is included with NCSA HTTPd, and Apache Version 1.0.3, an NCSA derivitive. By supplying certain characters that have special meaning to the shell, arbitrary commands can be exe…
漏洞类别:Web server漏洞等级: 漏洞信息 WebSite Professional Versions 2.3 and 2.4, a Web server by O'Reilly, discloses it's absolute path. This vulnerability was detected by requesting a non-existent document. The server replied with an error message containing the absolute…
漏洞类别:RPC 漏洞等级: 漏洞信息 A port scanner was used to draw a map of all the RPC services accessible from the Internet. 漏洞危害 Unauthorized users can subsequently test vulnerabilities related to each of the services open. 解决方案 Shut down any unknown or unused service on …
漏洞类别:Windows漏洞等级: 漏洞信息 Default Password is enabled in the registry. This check has been merged with QID 90006 "Enabled Auto Admin Logon". This entry is used for older 2006 scan results, please note that an Asset Search query will generate an "QID does not exis…
漏洞类别:Windows 漏洞等级: 漏洞信息 An internal modem was detected on this host. (This detection is deprecated) 漏洞危害 This modem is a possible way for local users to create open links outside your network. This link can then be used to send sensitive data outside your netw…
漏洞类别:Web server 漏洞等级: 漏洞信息 Savant is a freeware Web server for Microsoft Windows 9x and NT. Savant incorporates many features, including CGI scripting. Savant contains a vulnerability that allows unauthorized users to retrieve the source code of CGI scripts us…
漏洞类别:Hardware 漏洞等级: 漏洞信息 Unauthorized users can read the last commands that were typed on the Cisco console. This vulnerability only discloses commands that were interpreted by the Cisco router, either during a local session if the Cisco router is accessed fro…