{"type": "osvdb", "published": "2000-10-24T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6486", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "viewCount": 3, "edition": 1, "reporter": "Shigio Yamaguchi(shigio@tamacom.com)", "title": "Multiple Vendor Global global.cgi Command Execution", "affectedSoftware": [{"operator": "eq", "version": "3.55", "name": "Global"}, {"operator": "eq", "version": "3.55", "name": "Global"}, {"operator": "eq", "version": "3.55", "name": "Global"}, {"operator": "eq", "version": "3.55", "name": "Global"}, {"operator": "eq", "version": "3.55", "name": "Global"}, {"operator": "eq", "version": "3.55", "name": "Global"}], "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2017-04-28T13:20:01", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2000-0952"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231011748"]}, {"type": "nessus", "idList": ["DANGEROUS_CGIS.NASL"]}], "modified": "2017-04-28T13:20:01", "rev": 2}, "vulnersScore": 7.3}, "references": [], "id": "OSVDB:6486", "lastseen": "2017-04-28T13:20:01", "cvelist": ["CVE-2000-0952"], "modified": "2000-10-24T00:00:00", "description": "## Vulnerability Description\nThe Global package global.cgi contains a flaw that may allow a malicious user to execute arbitrary shell commands. The issue is triggered due to due to insufficient handling of quoted or escaped characters in this version, and command line arguments are then handed off to shell commands. It is possible that the flaw may allow remote command execution resulting in a loss of integrity\n## Solution Description\nUpgrade to the newest version of global-4.0.1, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): \nmodify the file\n'HTML/cgi-bin/global.cgi' around line 35, and change the generated HTML\nfrom:\n$pattern =~ s/'//g; # to shut security hole\nto\n$pattern =~ s/\"//g; # to shut security hole\n## Short Description\nThe Global package global.cgi contains a flaw that may allow a malicious user to execute arbitrary shell commands. The issue is triggered due to due to insufficient handling of quoted or escaped characters in this version, and command line arguments are then handed off to shell commands. It is possible that the flaw may allow remote command execution resulting in a loss of integrity\n## References:\nVendor URL: http://www.tamacom.com/global/\n[Vendor Specific Advisory URL](ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:64.global.asc)\n[Vendor Specific Advisory URL](ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-014.txt.asc)\nISS X-Force ID: 5424\n[CVE-2000-0952](https://vulners.com/cve/CVE-2000-0952)\n"}

{"cve": [{"lastseen": "2020-10-03T11:36:57", "description": "global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.", "edition": 3, "cvss3": {}, "published": "2000-12-19T05:00:00", "title": "CVE-2000-0952", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2000-0952"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:shigio_yamaguchi:global:3.55"], "id": "CVE-2000-0952", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0952", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:shigio_yamaguchi:global:3.55:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-08T16:40:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2000-0923", "CVE-2002-0955", "CVE-2001-0022", "CVE-2001-0135", "CVE-2000-0423", "CVE-2001-0180", "CVE-2001-0100", "CVE-2001-0023", "CVE-2001-1343", "CVE-2000-1023", "CVE-2001-0099", "CVE-2000-0288", "CVE-2003-0153", "CVE-1999-1377", "CVE-2004-0734", "CVE-1999-1374", "CVE-2004-0251", "CVE-1999-0935", "CVE-2001-1212", "CVE-2001-1196", "CVE-1999-0936", "CVE-1999-0937", "CVE-2001-0420", "CVE-2000-0526", "CVE-2001-0123", "CVE-2004-0665", "CVE-2001-0133", "CVE-2001-1205", "CVE-2000-1131", "CVE-2002-1526", "CVE-2001-1283", "CVE-2002-0749", "CVE-2000-0977", "CVE-1999-1072", "CVE-2002-1334", "CVE-2002-0346", "CVE-2002-0203", "CVE-2000-0952", "CVE-2000-1132", "CVE-1999-0934", "CVE-2001-1100", "CVE-2002-0611", "CVE-2002-0263", "CVE-2002-0710", "CVE-2001-0562", "CVE-2002-0917", "CVE-2002-0230", "CVE-2004-0696", "CVE-2001-0076"], "description": "Some of the following dangerous CGIs were found.\n\n By default this script only checks for this CGIs within the /cgi-bin directory. You can change\n this behavior with the script preference to check all detected CGI directories.", "modified": "2020-05-06T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231011748", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011748", "type": "openvas", "title": "Various dangerous cgi scripts", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Various dangerous cgi scripts\n#\n# Authors:\n# John Lampe <j_lampe@bellsouth.net>\n# Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2003 John Lampe\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Also covers :\n# \"CVE-1999-1374\",\"CVE-2001-1283\",\"CVE-2001-0076\",\"CVE-2002-0710\",\"CVE-2001-1100\",\"CVE-2002-0346\",\"CVE-2001-0133\",\"CVE-2001-0022\",\"CVE-2001-0420\",\"CVE-2002-0203\",\"CVE-2001-1343\"\n# \"CVE-2002-0917\",\"CVE-2003-0153\",\"CVE-2003-0153\",\"CVE-2000-0423\",\"CVE-1999-1377\",\"CVE-2001-1196\",\"CVE-2002-1526\",\"CVE-2001-0023\",\"CVE-2002-0263\",\"CVE-2002-0263\",\"CVE-2002-0611\",\n# \"CVE-2002-0230\",\"CVE-2000-1131\",\"CVE-2000-0288\",\"CVE-2000-0952\",\"CVE-2001-0180\",\"CVE-2002-1334\",\"CVE-2001-1205\",\"CVE-2000-0977\",\"CVE-2000-0526\",\"CVE-2001-1100\",\"CVE-2000-1023\"\n# ,\"CVE-1999-0937\",\"CVE-2001-0099\",\"CVE-2001-0100\",\"CVE-2001-1212\",\"CVE-2000-1132\",\"CVE-1999-0934\",\"CVE-1999-0935\"\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11748\");\n script_version(\"2020-05-06T06:57:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 06:57:16 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(1784, 2177, 2197, 2705, 4211, 4579, 5078);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-1999-1072\", \"CVE-2002-0749\", \"CVE-2001-0135\", \"CVE-2002-0955\", \"CVE-2001-0562\",\n \"CVE-2002-0346\", \"CVE-2000-0923\", \"CVE-2001-0123\");\n script_name(\"Various dangerous cgi scripts\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2003 John Lampe\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_add_preference(name:\"Check all detected CGI directories:\", type:\"checkbox\", value:\"no\", id:1);\n\n script_tag(name:\"summary\", value:\"Some of the following dangerous CGIs were found.\n\n By default this script only checks for this CGIs within the /cgi-bin directory. You can change\n this behavior with the script preference to check all detected CGI directories.\");\n\n script_tag(name:\"solution\", value:\"Please take the time to visit cve.mitre.org and check the\n associated CVE ID for each cgi found. If you are running a vulnerable\n version, then delete or upgrade the CGI.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\ncgi[0] = \"AT-admin.cgi\"; cve[0] = \"CVE-1999-1072\";\ncgi[1] = \"CSMailto.cgi\"; cve[1] = \"CVE-2002-0749\";\ncgi[2] = \"UltraBoard.cgi\"; cve[2] = \"CVE-2001-0135\";\ncgi[3] = \"UltraBoard.pl\"; cve[3] = cve[2];\ncgi[4] = \"YaBB.cgi\"; cve[4] = \"CVE-2002-0955\";\ncgi[5] = \"a1disp4.cgi\"; cve[5] = \"CVE-2001-0562\";\ncgi[6] = \"alert.cgi\"; cve[6] = \"CVE-2002-0346\";\ncgi[7] = \"authenticate.cgi\"; cve[7] = \"CVE-2000-0923\";\ncgi[8] = \"bbs_forum.cgi\"; cve[8] = \"CVE-2001-0123\";\ncgi[9] = \"bnbform.cgi\"; cve[9] = \"CVE-1999-0937\";\ncgi[10] = \"bsguest.cgi\"; cve[10] = \"CVE-2001-0099\";\ncgi[11] = \"bslist.cgi\"; cve[11] = \"CVE-2001-0100\";\ncgi[12] = \"catgy.cgi\"; cve[12] = \"CVE-2001-1212\";\ncgi[13] = \"cgforum.cgi\"; cve[13] = \"CVE-2000-1132\";\ncgi[14] = \"classifieds.cgi\"; cve[14] = \"CVE-1999-0934\";\ncgi[15] = \"csPassword.cgi\"; cve[15] = \"CVE-2002-0917\";\ncgi[16] = \"cvsview2.cgi\" ; cve[16] = \"CVE-2003-0153\";\ncgi[17] = \"cvslog.cgi\"; cve[17] = cve[16];\ncgi[18] = \"multidiff.cgi\"; cve[18] = \"CVE-2003-0153\";\ncgi[19] = \"dnewsweb.cgi\"; cve[19] = \"CVE-2000-0423\";\ncgi[20] = \"download.cgi\"; cve[20] = \"CVE-1999-1377\";\ncgi[21] = \"edit_action.cgi\"; cve[21] = \"CVE-2001-1196\";\ncgi[22] = \"emumail.cgi\"; cve[22] = \"CVE-2002-1526\";\ncgi[23] = \"everythingform.cgi\"; cve[23] = \"CVE-2001-0023\";\ncgi[24] = \"ezadmin.cgi\"; cve[24] = \"CVE-2002-0263\";\ncgi[25] = \"ezboard.cgi\"; cve[25] = \"CVE-2002-0263\";\ncgi[26] = \"ezman.cgi\"; cve[26] = cve[25];\ncgi[27] = \"ezadmin.cgi\"; cve[27] = cve[25];\ncgi[28] = \"FileSeek.cgi\"; cve[28] = \"CVE-2002-0611\";\ncgi[29] = \"fom.cgi\"; cve[29] = \"CVE-2002-0230\";\ncgi[30] = \"gbook.cgi\"; cve[30] = \"CVE-2000-1131\";\ncgi[31] = \"getdoc.cgi\"; cve[31] = \"CVE-2000-0288\";\ncgi[32] = \"global.cgi\"; cve[32] = \"CVE-2000-0952\";\ncgi[33] = \"guestserver.cgi\"; cve[33] = \"CVE-2001-0180\";\ncgi[34] = \"imageFolio.cgi\"; cve[34] = \"CVE-2002-1334\";\ncgi[35] = \"lastlines.cgi\"; cve[35] = \"CVE-2001-1205\";\ncgi[36] = \"mailfile.cgi\"; cve[36] = \"CVE-2000-0977\";\ncgi[37] = \"mailview.cgi\"; cve[37] = \"CVE-2000-0526\";\ncgi[38] = \"sendmessage.cgi\"; cve[38] = \"CVE-2001-1100\";\ncgi[39] = \"nsManager.cgi\"; cve[39] = \"CVE-2000-1023\";\ncgi[40] = \"perlshop.cgi\"; cve[40] = \"CVE-1999-1374\";\ncgi[41] = \"readmail.cgi\"; cve[41] = \"CVE-2001-1283\";\ncgi[42] = \"printmail.cgi\"; cve[42] = cve[41];\ncgi[43] = \"register.cgi\"; cve[43] = \"CVE-2001-0076\";\ncgi[44] = \"sendform.cgi\"; cve[44] = \"CVE-2002-0710\";\ncgi[45] = \"sendmessage.cgi\"; cve[45] = \"CVE-2001-1100\";\ncgi[46] = \"service.cgi\"; cve[46] = \"CVE-2002-0346\";\ncgi[47] = \"setpasswd.cgi\"; cve[47] = \"CVE-2001-0133\";\ncgi[48] = \"simplestmail.cgi\"; cve[48] = \"CVE-2001-0022\";\ncgi[49] = \"simplestguest.cgi\"; cve[49] = cve[48];\ncgi[50] = \"talkback.cgi\"; cve[50] = \"CVE-2001-0420\";\ncgi[51] = \"ttawebtop.cgi\"; cve[51] = \"CVE-2002-0203\";\ncgi[52] = \"ws_mail.cgi\"; cve[52] = \"CVE-2001-1343\";\ncgi[53] = \"survey.cgi\"; cve[53] = \"CVE-1999-0936\";\ncgi[54] = \"rxgoogle.cgi\"; cve[54] = \"CVE-2004-0251\";\ncgi[55] = \"ShellExample.cgi\"; cve[55] = \"CVE-2004-0696\";\ncgi[56] = \"Web_Store.cgi\"; cve[56] = \"CVE-2004-0734\";\ncgi[57] = \"csFAQ.cgi\"; cve[57] = \"CVE-2004-0665\";\n\ncheck_kb_cgi_dirs = script_get_preference( \"Check all detected CGI directories:\", id:1 );\n\nreport = string( \"The following dangerous CGI scripts were found\", \"\\n\\n\" );\n\nport = http_get_port( default:80 );\n\nif( check_kb_cgi_dirs == \"yes\" ) {\n dirs = make_list_unique( \"/\", \"/scripts\", \"/cgi-bin\", http_cgi_dirs( port:port ) );\n} else {\n dirs = make_list( \"/cgi-bin\" );\n}\n\nflag = FALSE;\n\nfor( i = 0; cgi[i]; i++ ) {\n\n foreach dir( dirs ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/\" + cgi[i];\n\n if( http_is_cgi_installed_ka( item:url, port:port ) ) {\n flag = TRUE;\n vuln_url = http_report_vuln_url( url:url, port:port, url_only:TRUE );\n report += vuln_url + \" (\" + cve[i] + ')\\n';\n }\n }\n}\n\nif( flag ) {\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-20T09:38:20", "description": "It is possible that the remote web server contains one or more\ndangerous CGI scripts. \n\nNote that this plugin does not actually test for the underlying flaws\nbut instead only searches for scripts with the same name as those with\nknown vulnerabilities.", "edition": 20, "published": "2003-06-17T00:00:00", "title": "Multiple Dangerous CGI Script Detection", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2000-0923", "CVE-2002-0955", "CVE-2001-0022", "CVE-2001-0135", "CVE-2000-0423", "CVE-2001-0180", "CVE-2001-0100", "CVE-2001-0023", "CVE-2001-1343", "CVE-2002-0750", "CVE-2000-1023", "CVE-2001-0099", "CVE-2000-0288", "CVE-2003-0153", "CVE-1999-1377", "CVE-2004-0734", "CVE-1999-1374", "CVE-2004-0251", "CVE-1999-0935", "CVE-2001-1212", "CVE-2001-1196", "CVE-1999-0936", "CVE-1999-0937", "CVE-2001-0420", "CVE-2000-0526", "CVE-2001-0123", "CVE-2004-0665", "CVE-2001-0133", "CVE-2001-1205", "CVE-2000-1131", "CVE-2002-1526", "CVE-2001-1283", "CVE-2002-0749", "CVE-2000-0977", "CVE-1999-1072", "CVE-2002-1334", "CVE-2002-0346", "CVE-2002-0203", "CVE-2000-0952", "CVE-2000-1132", "CVE-1999-0934", "CVE-2001-1100", "CVE-2002-0611", "CVE-2002-0752", "CVE-2002-0263", "CVE-2002-0710", "CVE-2001-0562", "CVE-2002-0917", "CVE-2002-0751", "CVE-2002-0230", "CVE-2004-0696", "CVE-2001-0076"], "modified": "2003-06-17T00:00:00", "cpe": [], "id": "DANGEROUS_CGIS.NASL", "href": "https://www.tenable.com/plugins/nessus/11748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by John Lampe...j_lampe@bellsouth.net \n# Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# See the Nessus Scripts License for details\n\n# Changes by Tenable:\n# - Revised plugin title, moved CVE from header comment to CVE (4/9/2009)\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(11748);\n script_version(\"1.38\");\n\n script_cve_id(\n \"CVE-1999-0934\",\n \"CVE-1999-0935\",\n \"CVE-1999-0937\",\n \"CVE-1999-1072\",\n \"CVE-1999-1374\",\n \"CVE-1999-1377\",\n \"CVE-2000-0288\",\n \"CVE-2000-0423\",\n \"CVE-2000-0526\",\n \"CVE-2000-0923\",\n \"CVE-2000-0952\",\n \"CVE-2000-0977\",\n \"CVE-2000-1023\",\n \"CVE-2000-1131\",\n \"CVE-2000-1132\",\n \"CVE-2001-0022\",\n \"CVE-2001-0023\",\n \"CVE-2001-0076\",\n \"CVE-2001-0099\",\n \"CVE-2001-0100\",\n \"CVE-2001-0123\",\n \"CVE-2001-0133\",\n \"CVE-2001-0135\",\n \"CVE-2001-0180\",\n \"CVE-2001-0420\",\n \"CVE-2001-0562\",\n \"CVE-2001-1100\",\n \"CVE-2001-1196\",\n \"CVE-2001-1205\",\n \"CVE-2001-1212\",\n \"CVE-2001-1283\",\n \"CVE-2001-1343\",\n \"CVE-2002-0203\",\n \"CVE-2002-0230\",\n \"CVE-2002-0263\",\n \"CVE-2002-0346\",\n \"CVE-2002-0611\",\n \"CVE-2002-0710\",\n \"CVE-2002-0749\",\n \"CVE-2002-0750\",\n \"CVE-2002-0751\",\n \"CVE-2002-0752\",\n \"CVE-2002-0917\",\n \"CVE-2002-0955\",\n \"CVE-2002-1334\",\n \"CVE-2002-1334\",\n \"CVE-2002-1526\",\n \"CVE-2003-0153\"\n );\n script_bugtraq_id(\n 1784,\n 2177,\n 2197,\n 4211,\n 4579,\n 5078,\n 6265\n );\n \n script_name(english:\"Multiple Dangerous CGI Script Detection\");\n script_summary(english:\"Checks for dangerous cgi scripts\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server may contain some dangerous CGI scripts.\"\n );\n script_set_attribute(attribute:\"description\", value:\n\"It is possible that the remote web server contains one or more\ndangerous CGI scripts. \n\nNote that this plugin does not actually test for the underlying flaws\nbut instead only searches for scripts with the same name as those with\nknown vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Visit http://cve.mitre.org/ and check the associated CVE entry for\neach script found. If you are running a vulnerable version, then\ndelete or upgrade the script.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:ND/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22);\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/06/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/01/07\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_ATTACK); \n \n script_copyright(english:\"This script is Copyright (C) 2003-2021 John Lampe\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"find_service1.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"Settings/ThoroughTests\", \"Settings/ParanoidReport\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"global_settings.inc\");\n\nif ( report_paranoia < 2 || ! thorough_tests )\n exit(0, \"This plugin is slow and prone to FP: it will only run in 'paranoid' mode and if the 'Perform thorough tests' setting enabled.\");\n\nport = get_http_port(default:80, embedded:TRUE);\nif ( get_kb_item(\"www/no404/\" + port ) || ! port) exit(0);\n\nif(!get_port_state(port))exit(0);\ncgi[0] = \"AT-admin.cgi\"; cve[0] = \"CVE-1999-1072\";\ncgi[1] = \"CSMailto.cgi\"; cve[1] = \"CVE-2002-0749\"; # and CVE-2002-0750, CVE-2002-0751, and CVE-2002-0752\ncgi[2] = \"UltraBoard.cgi\"; cve[2] = \"CVE-2001-0135\";\ncgi[3] = \"UltraBoard.pl\"; cve[3] = cve[2];\ncgi[4] = \"YaBB.cgi\"; cve[4] = \"CVE-2002-0955\";\ncgi[5] = \"a1disp4.cgi\"; cve[5] = \"CVE-2001-0562\";\ncgi[6] = \"alert.cgi\"; cve[6] = \"CVE-2002-0346\";\ncgi[7] = \"authenticate.cgi\"; cve[7] = \"CVE-2000-0923\";\ncgi[8] = \"bbs_forum.cgi\"; cve[8] = \"CVE-2001-0123\";\ncgi[9] = \"bnbform.cgi\"; cve[9] = \"CVE-1999-0937\";\ncgi[10] = \"bsguest.cgi\"; cve[10] = \"CVE-2001-0099\";\ncgi[11] = \"bslist.cgi\"; cve[11] = \"CVE-2001-0100\";\ncgi[12] = \"catgy.cgi\"; cve[12] = \"CVE-2001-1212\";\ncgi[13] = \"cgforum.cgi\"; cve[13] = \"CVE-2000-1132\";\ncgi[14] = \"classifieds.cgi\"; cve[14] = \"CVE-1999-0934\";\ncgi[15] = \"csPassword.cgi\"; cve[15] = \"CVE-2002-0917\";\ncgi[16] = \"cvsview2.cgi\" ; cve[16] = \"CVE-2003-0153\"; \ncgi[17] = \"cvslog.cgi\"; cve[17] = cve[16];\ncgi[18] = \"multidiff.cgi\"; cve[18] = \"CVE-2003-0153\";\ncgi[19]\t= \"dnewsweb.cgi\"; cve[19] = \"CVE-2000-0423\";\ncgi[20] = \"download.cgi\"; cve[20] = \"CVE-1999-1377\";\ncgi[21] = \"edit_action.cgi\"; cve[21] = \"CVE-2001-1196\";\ncgi[22] = \"emumail.cgi\"; cve[22] = \"CVE-2002-1526\";\ncgi[23] = \"everythingform.cgi\"; cve[23] = \"CVE-2001-0023\";\ncgi[24] = \"ezadmin.cgi\"; cve[24] = \"CVE-2002-0263\";\ncgi[25] = \"ezboard.cgi\"; cve[25] = \"CVE-2002-0263\";\ncgi[26] = \"ezman.cgi\"; cve[26] = cve[25];\ncgi[27] = \"ezadmin.cgi\"; cve[27] = cve[25];\ncgi[28] = \"FileSeek.cgi\"; cve[28] = \"CVE-2002-0611\";\ncgi[29] = \"fom.cgi\"; cve[29] = \"CVE-2002-0230\";\ncgi[30] = \"gbook.cgi\";\t cve[30] = \"CVE-2000-1131\";\ncgi[31] = \"getdoc.cgi\";\t cve[31] = \"CVE-2000-0288\";\ncgi[32] = \"global.cgi\";\t cve[32] = \"CVE-2000-0952\";\ncgi[33] = \"guestserver.cgi\"; cve[33] = \"CVE-2001-0180\";\ncgi[34] = \"imageFolio.cgi\"; cve[34] = \"CVE-2002-1334\";\ncgi[35] = \"lastlines.cgi\"; cve[35] = \"CVE-2001-1205\";\ncgi[36] = \"mailfile.cgi\"; cve[36] = \"CVE-2000-0977\";\ncgi[37] = \"mailview.cgi\"; cve[37] = \"CVE-2000-0526\";\ncgi[38] = \"sendmessage.cgi\"; cve[38] = \"CVE-2001-1100\";\ncgi[39] = \"nsManager.cgi\"; cve[39] = \"CVE-2000-1023\";\ncgi[40] = \"perlshop.cgi\"; cve[40] = \"CVE-1999-1374\";\ncgi[41] = \"readmail.cgi\"; cve[41] = \"CVE-2001-1283\";\ncgi[42] = \"printmail.cgi\"; cve[42] = cve[41];\ncgi[43] = \"register.cgi\"; cve[43] = \"CVE-2001-0076\";\ncgi[44] = \"sendform.cgi\"; cve[44] = \"CVE-2002-0710\";\ncgi[45] = \"sendmessage.cgi\"; cve[45] = \"CVE-2001-1100\";\ncgi[46] = \"service.cgi\"; cve[46] = \"CVE-2002-0346\";\ncgi[47] = \"setpasswd.cgi\"; cve[47] = \"CVE-2001-0133\";\ncgi[48] = \"simplestmail.cgi\"; cve[48] = \"CVE-2001-0022\";\ncgi[49] = \"simplestguest.cgi\"; cve[49] = cve[48];\ncgi[50] = \"talkback.cgi\"; cve[50] = \"CVE-2001-0420\";\ncgi[51] = \"ttawebtop.cgi\"; cve[51] = \"CVE-2002-0203\";\ncgi[52] = \"ws_mail.cgi\"; cve[52] = \"CVE-2001-1343\";\ncgi[53] = \"survey.cgi\"; cve[53] = \"CVE-1999-0936\";\ncgi[54] = \"rxgoogle.cgi\"; cve[54] = \"CVE-2004-0251\";\ncgi[55] = \"ShellExample.cgi\"; cve[55] = \"CVE-2004-0696\";\ncgi[56] = \"Web_Store.cgi\"; cve[56] = \"CVE-2004-0734\";\ncgi[57] = \"csFAQ.cgi\"; cve[57] = \"CVE-2004-0665\";\n\nflag = 0;\ndirectory = \"\";\n\nmymsg = string(\"\\n\", \"The following dangerous CGI scripts were found :\", \"\\n\\n\");\n\nfor (i = 0 ; cgi[i]; i = i + 1) {\n\tforeach dir (cgi_dirs()) {\n \t\tif(is_cgi_installed_ka(item:string(dir, \"/\", cgi[i]), port:port)) {\n \t\t\tflag = 1;\n\t\t\tmymsg = mymsg + string(\" - \", dir, \"/\", cgi[i], \" (\", cve[i], \")\\n\");\n \t\t} \n\t}\n} \n\n\nif (flag) {\n security_hole(port:port, extra:mymsg); \n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}