漏洞类别:Web server漏洞等级: 漏洞信息 PHP is a scripting language used with Web servers. PHP's security mode (called safe_mode) can be bypassed. This vulnerability is particularly severe for ISPs or dedicated servers hosting Web pages that enable their users to create PHP…
漏洞类别:Web server漏洞等级: 漏洞信息 The Microsoft IIS Web server discloses its absolute path when responding to a request for a non-existent URL that would be interpreted by Perl (perl.exe). 漏洞危害 By exploiting this vulnerability, unauthorized users can exploit the absol…
漏洞类别:CGI漏洞等级: 漏洞信息 A vulnerability exists in the sample cgi-bin program, phf, which is included with NCSA HTTPd, and Apache Version 1.0.3, an NCSA derivitive. By supplying certain characters that have special meaning to the shell, arbitrary commands can be exe…
漏洞类别:Web server漏洞等级: 漏洞信息 WebSite Professional Versions 2.3 and 2.4, a Web server by O'Reilly, discloses it's absolute path. This vulnerability was detected by requesting a non-existent document. The server replied with an error message containing the absolute…
漏洞类别:RPC 漏洞等级: 漏洞信息 A port scanner was used to draw a map of all the RPC services accessible from the Internet. 漏洞危害 Unauthorized users can subsequently test vulnerabilities related to each of the services open. 解决方案 Shut down any unknown or unused service on …
漏洞类别:Windows漏洞等级: 漏洞信息 Default Password is enabled in the registry. This check has been merged with QID 90006 "Enabled Auto Admin Logon". This entry is used for older 2006 scan results, please note that an Asset Search query will generate an "QID does not exis…
漏洞类别:Windows 漏洞等级: 漏洞信息 An internal modem was detected on this host. (This detection is deprecated) 漏洞危害 This modem is a possible way for local users to create open links outside your network. This link can then be used to send sensitive data outside your netw…
漏洞类别:Web server 漏洞等级: 漏洞信息 Savant is a freeware Web server for Microsoft Windows 9x and NT. Savant incorporates many features, including CGI scripting. Savant contains a vulnerability that allows unauthorized users to retrieve the source code of CGI scripts us…
漏洞类别:Hardware 漏洞等级: 漏洞信息 Unauthorized users can read the last commands that were typed on the Cisco console. This vulnerability only discloses commands that were interpreted by the Cisco router, either during a local session if the Cisco router is accessed fro…
漏洞类别:Web server 漏洞等级: 漏洞信息 ntop is a network usage monitoring tool for Unix systems. It can be invoked at the console or as a server daemon, presenting statistics information via HTTP with the -w parameter (Web mode). Starting ntop in Web mode allows remote ac…
漏洞类别:Web server 漏洞等级: 漏洞信息 Viking Server is a Web server developed by Robotex. Several buffer overflows have been detected in this Web server. A malicious user can crash the Viking Server by issuing a large "GET" request or setting one of the "Unless-Modified-…
漏洞类别:Information gathering 漏洞等级: 漏洞信息 The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section. 漏洞危害 解决方案 1999-01-01 08:00:00 0day
漏洞类别:Web server 漏洞等级: 漏洞信息 Worm HTTPd is a free Web server created by Jeremy Arnold (Wormonline Software). It's possible to request files outside of the Web root by using "double dot" character sequences to traverse parent directories. 漏洞危害 If a malicious user…
漏洞类别:Web server 漏洞等级: 漏洞信息 MDaemon is an e-mail server that supports most common Internet mail protocols offered by Alt-N Technologies. It's an SMTP/POP3 server for Windows (95/98/NT). The Web server is used as a remote administration tool. Version 3.1.1 conta…
漏洞类别:General remote services 漏洞等级: 漏洞信息 The OpenSSL Project is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols as well as a general purpose cryptography library. OpenSSL contains the followi…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that OpenSSL incorrectly handled the OCSP Status Request extension. It was discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. It was discovered that OpenSSL did not properly use constan…
漏洞类别:Local 漏洞等级: 漏洞信息 Safari is a Web browser developed by Apple. The target is missing the Safari 10 update. This update resolve multiple issues in Safari and WebKit. 漏洞危害 Successful exploitation of these vulnerabilities will allow an attacker to execute arbi…
漏洞类别:Local 漏洞等级: 漏洞信息 HPE Data Protector software provides comprehensive data backup and recovery across physical, virtual and hybrid environments. Hewlett Packard Enterprise is announcing the version discontinuancediscontinuance of HP Data Protector 8.0x Affe…
漏洞类别:Local 漏洞等级: 漏洞信息 HPE Data Protector software provides comprehensive data backup and recovery across physical, virtual and hybrid environments. Hewlett Packard Enterprise is announcing the version discontinuancediscontinuance of HP Data Protector 7.0x Affe…
漏洞类别:Local 漏洞等级: 漏洞信息 Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android. The Mozilla Foundation has released updates to address multiple vulnerabilities in Firefox. A heap overflow may occur…
漏洞类别:Security Policy 漏洞等级: 漏洞信息 Radia Client Automation software is an end-user device (PC and mobile device) lifecycle management tool for automating routine client-management tasks such as operating system deployments and upgrades, patch management, applicat…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2015-3202: It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-4450: 1341462: CVE-2016-4450 nginx: NULL pointer dereference while writing client request body A problem was identified in nginx code r…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-4449: 1338701: CVE-2016-4449 libxml2: Inappropriate fetch of entities content XML external entity (XXE) vulnerability in the xmlStringL…
漏洞类别:Amazon Linux 漏洞等级: 漏洞信息 Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-4956: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change)…