EUVD-1999-0918

Malware in sbrugna...

BNBForm Automessage可远程获取文件漏洞

BugCVE: CVE-1999-0937 BUGTRAQ: 2147 BNBForm是一个基于Web的通过表单提交发送邮件的CGI程序，由Big Nose Bird公司开发维护。BNBForm bnbform.cgi脚本实现上存在漏洞，远程攻击者可能利用此漏洞得到主机上的任意知道其名字的文件。 4.0版以下的bnbform.cgi对用户输入未做充分过滤，远程攻击者可能通过在“automessage”变量中指定想获取的系统上的文件名就可以让脚本把此文件寄给自己。攻击者由此可能访问到系统的敏感文件和信息。 1.0-3.0 Big Nose Bird -------------...

BNBForm bnbform.cgi Automessage Arbitrary File Retrieval

Binary data 1643.prm...

CVE-1999-0937

CVE-1999-0937 affects BNBForm’s bnbform.cgi CGI script. The vulnerability arises from insufficient filtering of user input in the automessage hidden variable, enabling remote attackers to read arbitrary files on the host (for example, via automessage value specifying a system file). Impact is rea...

CVE-1999-0937

BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable...

CVE-1999-0937

BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable...

PT-1998-1120 · Bnbform · Bnbform

Name of the Vulnerable Software and Affected Versions: BNBForm affected versions not specified Description: The issue allows remote attackers to read arbitrary files. This is achieved via the automessage hidden form variable. Recommendations: At the moment, there is no information about a newer...