Common vulnerabilities in server systems and software

Source: Internet
Author: User
Tags http digest authentication imap php session php form php ziparchive apache tomcat cve dtls

Common vulnerabilities in server systems and software
Vulnerability Name
Allow traceroute detection
The Remote WWW service supports trace requests
Remote WWW service provides support for WebDAV
/robots.txt file exists on the remote Web server
Remote VNC service is running
Remote HTTP server type and version information leaks
Remote DNS service allows recursive queries
Remote proxy Server allows connection to any port
Remote proxy server accepts post requests
Remote VNC HTTP service is running
Use SMB sessions to get a list of remote domains or workgroups
Use SMB sessions to get a remote browse list
Take advantage of SMB sessions to get a remote shared list
Use SMB sessions to obtain target host configuration information
Use SMB sessions to obtain Transport layer protocol information managed by RDR
Can get remote native Lan Manager version
Remote host can be accessed through a null session
DNS server can be remotely managed via RPC
System information can be obtained remotely via the NetBIOS name service port
Remote WWW service version information can be obtained via HTTPS
Remote Rpcbind/portmap is detected in operation
Remote RPC.STATD Service is detected to be running
Remote Rpc.rquotad Service is detected to be running
Remote Rpc.nlockmgr Service is detected to be running
Remote RPC.NFSD Service is detected to be running
Remote RPC.MOUNTD Service is detected to be running
Remote LDAP Service detected to be running
The remote DNS service is detected to be running
Remote CIS service is detected to be running
The target host is detected to support the SSLV2 protocol
Windows Terminal Services running on target host detected
NTP service running on target host detected
The target host is detected to open the 445/tcp while the 139/tcp shuts down
Encryption algorithm supported by target host encrypted communication detected
The target service is detected to support SSL medium strength encryption algorithm
The target service is detected to support SSL weak encryption algorithm
Target NTP service supported Monlist command detected
The Workstation service is running
Server service is running
Multiple TLS and DTLS implementation Information Disclosure Vulnerability (CVE-2013-0169)
There is an available remote proxy server
Windows Terminal Server communication encryption level check
Windows Admin Share Startup
Windows Server services RPC Request buffer Overflow Vulnerability (ms08-067) [principle scan]
Windows Browser service is running
THC SSL Dos attack
SSH version information can be obtained
PHP Resource Management Error Vulnerability
PHP Directory Traversal Vulnerability (CVE-2012-1172)
PHP null character security limit Bypass Vulnerability (cve-2006-7243)
PHP Session Serializer Data Injection vulnerability
PHP multiple NULL pointer Reference denial of service Vulnerability (CVE-2011-3182)
PHP form File upload path injection vulnerability
PHP "phar/phar_object.c" format string vulnerability
PHP "OpenSSL" extends multiple denial of service vulnerabilities
PHP "crypt ()" MD5 Salt Security vulnerability
PHP arbitrary file leaks and arbitrary file write vulnerabilities (cve-2013-1643)
PHP arbitrary file leaks and arbitrary file write vulnerabilities (cve-2013-1635)
PHP ziparchive::getarchivecomment () function null pointer Reference denial of service vulnerability
PHP Zend Engine interrupts handling multiple address information disclosure vulnerabilities
Reuse heap corruption vulnerability after PHP Zend Engine release (cve-2010-4697)
PHP zend_strtod function Malformed floating-point value number Error vulnerability
PHP WordWrap () function interrupt handling address information Disclosure vulnerability
PHP Web Table Tanhashi Conflict Denial of service vulnerability
PHP trim ()/ltrim ()/rtrim () function interrupt Information Disclosure vulnerability
PHP substr_replace () function interrupt Information Disclosure vulnerability
PHP STRTR () function interrupt handling address information Disclosure vulnerability
PHP strtok () function interrupt handling address information Disclosure vulnerability
PHP strip_tags () function interrupt handling address information Disclosure vulnerability
PHP Stream Component Remote denial of service vulnerability
PHP Str_word_count () function interrupt handling address information Disclosure vulnerability
PHP Str_pad () function interrupt handling address information Disclosure vulnerability
PHP sqlite_single_query () and Sqlite_array_query () functions Remote Code Execution vulnerability
PHP Shm_put_var () Access freed resource vulnerability
PHP Setcookie () function interrupt handling address information Disclosure vulnerability
PHP Session_save_path () bypasses Safe_mode and Open_basedir limitation vulnerabilities
PHP Preg_quote () Interrupt Information Disclosure Vulnerability
PHP Preg_match () function interrupt handling Information Disclosure vulnerability
PHP Php_dechunk () HTTP block-coded integer Overflow vulnerability
PHP PDO Memory Access violation denial of service vulnerability
PHP parse_str () function interrupts Memory Corruption vulnerability
PHP ' open_basedir ' Security restriction Bypass vulnerability
PHP numberformatter::getsymbol function Integer Overflow vulnerability
PHP Mysqlnd Extended Php_mysqlnd_rset_header_read () function heap Overflow vulnerability
PHP Mysqlnd Extended php_mysqlnd_read_error_from_line () function heap Overflow vulnerability
PHP Mysqlnd Extended Php_mysqlnd_ok_read () function Information Disclosure Vulnerability
PHP Mysqlnd Extended Php_mysqlnd_auth_write () function Stack Overflow Vulnerability
PHP libxslt Security Restriction Bypass vulnerability
PHP IMAP extension imap_do_open function double Release vulnerability
PHP Html_entity_decode () Interrupt Address Information Disclosure vulnerability
PHP ' header () ' HTTP header injection vulnerability
PHP hash_update_file () function access freed resource vulnerability
PHP ' getimagesize () ' Remote denial of service vulnerability
PHP Fnmatch () function stack Exhaustion Vulnerability
PHP ext/phar/stream.c and EXT/PHAR/DIRSTREAM.C files multiple format string vulnerabilities
PHP exif extension EXIF.C denial of service vulnerability
PHP Exif Extension "exif_read_data ()" Function remote denial of service vulnerability
PHP crypt function Buffer Overflow Vulnerability
PHP Chunk_split () Interrupt Information Disclosure Vulnerability
PHP Calendar Extension "Sdntojulian ()" Remote integer Overflow vulnerability
PHP addcslashes () Interrupt Information Disclosure Vulnerability
PHP 5.3.9 Previous version strtotime function call remote deny access vulnerability
PHP 5.3.7 Previous version null pointer Reference denial of service vulnerability
PHP 5.3.7 Previous Versions multiple vulnerabilities
PHP "Zip" extension "zip_fread ()" Function denial of service vulnerability
PHP "Zip" extension "stream_get_contents ()" Function denial of service vulnerability
PHP "Substr_replace ()" After free reuse of remote memory Corruption vulnerability
PHP "socket_connect ()" Function stack buffer Overflow vulnerability
PHP "Shmop_read ()" Remote integer Overflow vulnerability
PHP "Intl" extension "numberformatter::setsymbol ()" Function denial of service vulnerability
PHP "/imap/php_imap.c" released after the re-use of remote Code execution vulnerability
PHP ' query_string ' parameter security vulnerability
PHP ' _php_stream_scandir () ' Buffer Overflow vulnerability
PHP "Zend_strtod ()" function malformed floating-point value denial of service vulnerability
PHP "Xml_utf8_decode ()" UTF-8 data decoding input Validation vulnerability
PHP "Setsymbol ()" Function denial of service vulnerability
PHP "MAGIC_QUOTES_GPC" Directive security restriction Bypass Vulnerability
PHP "Getsymbol ()" Function denial of service vulnerability
PHP "_zip_name_locate ()" Null pointer reference denial of service vulnerability
Oracle Database server Warehouse Builder Component Remote Vulnerability
Oracle database server remote non-authorized access vulnerability to DB Vault component
Oracle database Server DACL multiple unsafe permissions Vulnerability
Oracle database server Create any directory privilege elevation vulnerability
Oracle Database access restriction Bypass vulnerability
Oracle database pitrig_dropmetadata process Remote Overflow Vulnerability
Oracle Database Network foundation Component Remote denial of service vulnerability
Versions of Oracle Tnslsnr can be queried
Oracle TNS Listener giop remote denial of service and information Disclosure vulnerability
Oracle DBMS bypasses Login access Control Vulnerability (CVE-2006-0552)
Oracle DBMS bypasses Login access Control Vulnerability (CVE-2006-0291)
Oracle Dbms_assert Security Module Bypass Vulnerability
Oracle Database Vault Remote security vulnerability
Oracle Database Target Type Menus Remote security Vulnerability (CVE-2011-2257)
Oracle database spatial data type handles SQL injection vulnerabilities
Oracle database server Remote Database Vault Vulnerability (CVE-2011-2238)
Oracle Database Server Remote core RDBMS Vulnerability (cve-2011-2253)
Oracle Database Server Remote core RDBMS Vulnerability (CVE-2011-2230)
Oracle Database Server and Fusion Middleware help components open vulnerabilities
Oracle Database Server and Enterprise Manager Grid Security Vulnerability (cve-2011-2244)
Oracle Database Server and Enterprise Manager Grid Control Schema Management Component Remote security vulnerability
Oracle Database server/collaboration suite/e-business Suite ' Workflow cartridge ' open vulnerability
Oracle Database Server Remote RDBMS Core Vulnerability (CVE-2012-0534)
Oracle Database Server Remote Oracle Spatial Vulnerability (CVE-2012-0552)
Oracle Database Server Remote Enterprise Manager Base Platform Vulnerability (cve-2012-0528)
Oracle Database Server Remote Enterprise Manager Base Platform Vulnerability (cve-2012-0527)
Oracle Database Server Remote Enterprise Manager Base Platform Vulnerability (cve-2012-0526)
Oracle Database Server Remote Enterprise Manager Base Platform Vulnerability (CVE-2012-0520)
Oracle Database Server Remote Enterprise Config Management Vulnerability (CVE-2011-0831)
Oracle Database Server Remote core RDBMS Vulnerability (cve-2012-0510)
Oracle database Server ' TNS Listener ' Remote Data Poisoning vulnerability
Oracle Database Server RDBMS remote core RDBMS Vulnerability (cve-2011-2239)
Oracle Database Server Network layer component Remote network Tier denial of service Vulnerability (cve-2012-1747)
Oracle Database Server Network layer component Remote network Tier denial of service Vulnerability (cve-2012-1746)
Oracle Database Server Network layer component Remote network Tier denial of service Vulnerability (cve-2012-1745)
Oracle Database Server Listener Remote denial of service Vulnerability (cve-2012-0072)
Oracle Database Server Enterprise Manager Console remote security Vulnerability (CVE-2011-0876)
Oracle Database Server Database Vault Local Information Disclosure vulnerability
Oracle Database Server Database Vault "dv_acctmgr" Permission remote security restriction Bypass vulnerability
Oracle Database Server Core RDBMS Component Remote Vulnerability (CVE-2012-3151)
Oracle Database Server Core RDBMS Component Remote Vulnerability (CVE-2012-3146)
Oracle Database Server Core RDBMS remote denial of service vulnerability
Oracle Database Server Cluster Verify Utility Local privilege elevation vulnerability
Oracle Database ' Ctxsys. CONTEXT ' Index privilege elevation vulnerability
Oracle Database Core RDBMS Components Open Vulnerability (cve-2007-2108, cve-2007-2109, etc.)
Oracle Database Advanced Replication Component Open Vulnerability (cve-2007-2116)
Oracle Database "exp.exe" parameter file remote buffer Overflow Vulnerability
Oracle Database Auth_alter_session Property Security Bypass and arbitrary SQL statement Execution Vulnerability
Oracle January 2008 Update fixes multiple security vulnerabilities
Oracle April 2007 Update fixes multiple security vulnerabilities
Oracle January 2007 Update fixes multiple security vulnerabilities (cve-2006-4343)
Oracle July 2006 Update fixes multiple security vulnerabilities
Oracle 10g dbms_export_extension stored Procedure Remote SQL Injection Vulnerability
OpenSSL multiple remote denial of service Vulnerability (CVE-2013-0166)
OpenSSL multiple security vulnerabilities
OpenSSL S/MIME header handles null pointer reference denial of service vulnerability
OpenSSL kssk_keytab_is_available () Remote denial of service vulnerability
OpenSSL dtls Remote denial of service (cve-2012-2333)
OpenSSL CRL Bypass and ECDH denial of service vulnerability
OpenSSL CMS fabric handles Memory Corruption Vulnerability (CVE-2010-0742)
OpenSSL CMS/PKCS #7 decryption for security vulnerabilities
OpenSSL "Asn1_d2i_read_bio ()" Der Format Data Processing Vulnerability
OpenSSH ' ssh_gssapi_parse_ename () ' Function denial of service vulnerability
Nginx DNS resolver remote heap buffer Overflow Vulnerability
MS SQL Server Real version information disclosure
Microsoft Remote Desktop Protocol RDP Remote Code executable Vulnerability (MS12-020) "Principle Scan"
Microsoft Windows Remote Desktop Protocol Man-in-the-middle attack vulnerability
Microsoft Windows SMB Pathname Remote Overflow Vulnerability (MS10-012) [based on ms09-001]
Microsoft Windows SMB Pool Overflow Remote Code execution Vulnerability (ms10-054) [based on ms09-001]
Microsoft Windows SMB Operations Resolution Remote Code Execution Vulnerability (MS11-020) "Principle Scan"
Microsoft Windows SMB write_andx processing Denial of service Vulnerability (MS09-001) "Principle Scan"
Microsoft Windows SMB NT trans Request buffer Overflow Vulnerability (MS09-001) "Principle Scan"
Microsoft Windows SMB NT Trans2 Request remote denial of service and Code execution Vulnerability (MS09-001) "Principle Scan"
Microsoft SQL Server database service is running
LDAP server allows null base attribute
ICMP Timestamp Request Response Vulnerability
FTP Server version information can be obtained
DCE/RPC Service Enumeration Vulnerability
Apache Server Incomplete HTTP request Denial of service vulnerability [principle scan]
Apache non-defined character encoding cross-site vulnerability
Apache Tomcat Request object Security Restriction Bypass vulnerability
Apache Tomcat Denial of service Vulnerability (cve-2012-2733)
Apache Tomcat parameter Handling Denial of service Vulnerability (CVE-2012-0022)
Apache Tomcat Resource Management Error Vulnerability
Apache Tomcat Cross-site request forgery vulnerability
Apache Tomcat Web Table Tanhashi Conflict Denial of service vulnerability
Apache Tomcat WebDAV Remote Information Disclosure vulnerability
Apache Tomcat Slowloris Tool Denial of service vulnerability
Apache Tomcat sendfile Request Security limit Bypass and denial of service vulnerability
Apache Tomcat SecurityManager Security Policy Bypass vulnerability
Apache Tomcat replay-countermeasure Feature security vulnerability
Apache Tomcat NiO Connector Denial of service vulnerability
Apache Tomcat NIO Connector Denial of service vulnerability
Apache Tomcat JVM Remote denial of service vulnerability
Apache Tomcat HTTP Digest authentication multiple security vulnerabilities
Apache Tomcat HTTP Digest Access Authentication Implementation Security Vulnerability (CVE-2012-5887)
Apache Tomcat HTTP Digest Access Authentication Security Restriction Bypass vulnerability
Apache Tomcat HTTP Digest Access Authentication Security Bypass Vulnerability (cve-2012-5886)
Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
Apache Tomcat Form Authentication Security Bypass Vulnerability
Apache Tomcat AJP Protocol Security Restriction Bypass vulnerability
Apache Tomcat "memoryuserdatabase" Information Disclosure vulnerability
Apache TOMCA Digest Authentication Multiple security vulnerabilities (cve-2012-3439)
Apache mod_proxy Module Remote denial of service vulnerability
Apache mod_proxy Reverse proxy denial of service vulnerability
Apache mod_proxy_http Module Timeout handling Information Disclosure vulnerability
Apache mod_proxy_ftp Module Remote Command Injection vulnerability
Apache mod_proxy_ftp Module Cross-site script execution vulnerability
Apache mod_proxy_ftp module NULL pointer Reference denial of service vulnerability
Apache mod_proxy_balancer Module Cross-site script execution vulnerability
Apache Mod_proxy_balancer Module Multiple cross-site scripting vulnerability
Apache mod_proxy_balancer Denial of service vulnerability
Apache MOD_PROXY_AJP Module Inbound Request message Remote denial of service vulnerability
Apache mod_deflate Module Remote denial of service vulnerability
Apache HTTP Server 403 error page cross-site Scripting vulnerability
Apache HTTP Server Denial of service vulnerability
Apache HTTP Server Malformed range and range-request option handles remote denial of service vulnerability "principle scan"
Apache HTTP Server Malformed HTTP Mode 413 error page cross-site Scripting vulnerability
Apache HTTP Server worker process multiple local denial of service vulnerability
Apache HTTP Server Scoreboard Local Security restriction bypass vulnerability
Apache HTTP Server mod_status Module cross-site script execution vulnerability
Apache HTTP Server mod_status module Cross-site Scripting vulnerability
Apache HTTP Server mod_proxy Reverse proxy mode security Restriction Bypass vulnerability
Apache HTTP Server mod_proxy_ajp Denial of service vulnerability
Apache HTTP Server mod_proxy Reverse proxy mode security Restriction Bypass vulnerability
Apache HTTP Server mod_cache Module Denial of service vulnerability
Apache HTTP Server mod_cache and Mod_dav module Remote denial of service vulnerability
Apache HTTP Server ' ld_library_path ' Unsafe library loading arbitrary Code execution Vulnerability
Apache HTTP Server ' ap_pregsub () ' function local denial of service vulnerability
Apache HTTP Server allowoverride option bypasses security restrictions vulnerability
Apache HTTP Server "HttpOnly" Cookie Information Disclosure vulnerability
Apache HTTP Server "ap_pregsub ()" Function denial of service vulnerability
Apache HTTP Server "ap_pregsub ()" Function local privilege elevation vulnerability
Apache HTTP Server "mod_proxy" Reverse proxy security Restriction Bypass vulnerability
Apache Commons Daemon "jsvc" Information Disclosure vulnerability
Apache ARP libray Remote denial of service vulnerability
Apache Apache HTTP Server mod_proxy_ajp Module Denial of service vulnerability
Apache HTTP Server multiple module host name and URI cross-site Scripting Vulnerability (cve-2012-3499)
Ajaxplorer remote command injection and local file Disclosure Vulnerability "principle scan"

Common vulnerabilities in server systems and software

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.