Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components. Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain what are equivalent to directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way.
58071b7e5bee17ef6c7ced456689cebfThere is a vulnerability in Oracle Web Listener where a resource can be accessed when is shouldn't be able to be accessed.
912d8d571296183ce54946db98af4bdcFormHandler.cgi uses hard coded physical path names for templates so it is possible to read any file on the system.
a91e008cd0b17c68a520cf6500b96b30IPC$Crack Ver 2.0 - IPC$Crack is a command line based program that uses a dictionary based attack to attempt to learn the password of an account on an NT box. For Win95/98/NT.
23666816a84248b728109b603dadf37aBad permissions on Windows NT ProfileList registry subkeys allow any malicious NT user to cause other users of the system to load a "trojaned" profile that could lead to a system compromise. Exploit description and vendor solution included.
f32b841d5f7b41b4cc21f65c576c4173Microsoft's Index Server 2.0 allows anybody to discover the physical path to directories being indexed, or if a directory found in a network share is being indexed, they can learn the name of the machine on which the share resides and the name of the user account used to access that share on behalf of Index and Internet Information Server 4.
121e166ddb192f0799e4f177fe106c37
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed