VARIoT IoT vulnerabilities database

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. FSO allows calls to be made utilizing "../" to exit the local directory path. An example of this syntax would be: http://www.server.foo/showfile.asp?file=../../global.asa This vulnerability could be used to view the source code of ASP files or stream data into other ASP files on the web server

WS_FTP server remote denial of service through cwd command. Issuing a CWD command (as a logged in user) with more than 876 characters will stop the Server from responding to FTP requests. There is a vulnerability in the WS_FTP server

SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. The PLP Line Printer Control program, shipped with S.u.S.E. 5.2 is vulnerable to a local remote buffer overflow. You can determine whether you're vulnerable or not by typing 'lpc'. If you're presented with an lpc version number, you're vulnerable. The consequences of lpc exploitation are root access for a local user

IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. A security vulnerability exists in IPswitch WS_FTP

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. An IIS4 sample site "ExAir" has three ASP pages, that if called directly without having the sample site dlls running, will cause the server CPU to increase to 100%. These pages include: Exair - root/search/advsearch.asp Exair - root/search/query.asp Exair -root/search/search.asp

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). Microsoft IIS Is ISAPI Mapped to extension by extension idq And .pl Files that do not actually exist GET Upon receiving the request, With error message Web A vulnerability exists that displays the absolute path of the root directory.You may get important information about your system. This can happen if the file is referenced as the target of the GET or passed in a variable to a script that looks for the file. Example: CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Can't open perl script "C:\InetPub\scripts\ bogus.pl": No such file or directory

Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. IIS is prone to a denial-of-service vulnerability

Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. Microsoft Visual InterDev 6.0 client is prone to vulnerability that permits attackers to gain unauthorized access to the affected application. Reportedly, a Visual InterDev 6.0 client may be able to connect to an IIS4 Web Server and manage the website without requiring any user auhentication. This issue may be associated with security permissions applied by FrontPage tools. It is unclear exactly what is allowing this to happen or under what combination of Service Pack / hotfix this may occur

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. Web-based administration for IIS 4.0 is, by default, limited to the local loopback address, 127.0.0.1. In instances where IIS4.0 was installed as an upgrade to IIS 2.0 or 3.0, a legacy ISAPI DLL (ISM.DLL) is left in the /scripts/iisadmin directory. An attacker may call this DLL via the following syntax: http://www.server.com/scripts/iisadmin/ism.dll?http/dir This URL prompts the user for a username/password to access the remote administration console

Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port. Vulnerabilities exist in Cisco IOS 12.0 and other releases

Cisco devices running classic IOS are reported prone to a denial of service vulnerability. The issue occurs when a vulnerable device receives and processes a UDP packet on UDP port 514 for syslog. This issue results in a crash or hang requiring a reboot. Vulnerable IOS software may be found on the following Cisco devices: - Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 8xx, ubr9xx, 1xxx, 25xx, 26xx, 30xx, 36xx, 38xx, 40xx, 45xx, 47xx, AS52xx, AS53xx, AS58xx, 64xx, 70xx, 72xx (including the ubr72xx), 75xx, and 12xxx series. -Recent versions of LS1010 ATM switch. -Catalyst 2900XL LAN switch. -Cisco DitributedDirector.

IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. Progress Software IPswitch IMail is an email server of Progress Software Company in the United States. A security vulnerability exists in Progress Software IPswitch IMail