Lucene search

738 matches found

OpenVAS
added 2005/11/03 12:0 a.m. | 43 views

webspirs.cgi

The remote web server contains a CGI script that is prone to information disclosure. Description : The remote host is running WebSPIRS, SilverPlatter SPDX-FileCopyrightText: 2001 Laurent Kitzinger Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

5 CVSS | 6.5 AI score | 0.06548 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2005/11/03 12:0 a.m. | 13 views

Apache <= 1.3.33 htpasswd local overflow

The remote host appears to be running Apache 1.3.33 or older. There is a local buffer overflow in the 'htpasswd' command in these versions that may allow a local user to gain elevated privileges if 'htpasswd' is run setuid or a remote user to run arbitrary commands remotely if the script is...

0.1 AI score
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 65 views

AlienForm CGI Script Directory Traversal Vulnerability (Jun 2002) - Active Check

The AlienForm CGI script is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2002 Andrew Hintz http://guh.nu Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.4 CVSS | 9.4 AI score | 0.01984 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2005/11/03 12:0 a.m. | 31 views

bizdb1-search.cgi located

One of the BizDB scripts, bizdb-search.cgi, passes a variable SPDX-FileCopyrightText: 2000 Roelof Temmingh Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 6.6 AI score | 0.10625 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2005/11/03 12:0 a.m. | 138 views

guestbook.pl

The SPDX-FileCopyrightText: 1999 Mathieu Perrin Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10099";...

7.5 CVSS | 6.5 AI score | 0.85205 EPSS
Exploits: 6 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 29 views

Apache HTTP Server Remote Command Execution via .bat files

The Apache HTTP Server 2.0.x Win32 installation is shipped with a default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute commands on the Apache server although it is reported that any .bat file could open this vulnerability. SPDX-FileCopyrightText: 2002 Matt Moore Some text...

7.5 CVSS | 6.5 AI score | 0.50371 EPSS
Exploits: 1 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 21 views

Webnews.exe Buffer Overflow Vulnerability

The remote host appears to be running WebNews, which offers web-based access to Usenet news. This CGI script suffers from a buffer overflow vulnerability. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5 CVSS | 7.2 AI score | 0.0325 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/10/17 12:0 a.m. | 26 views

WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution

The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the 'class' variable to various sources before using it to run commands. By leveraging this flaw, an attacker may ...

7.5 CVSS | 6 AI score | 0.09117 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2005/10/05 12:0 a.m. | 33 views

Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)

A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...

10 CVSS | 6.7 AI score | 0.30576 EPSS
Exploits: 0 | References: 2

NVD
added 2005/09/28 10:3 p.m. | 11 views

CVE-2005-3094

Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter...

7.5 CVSS | 7.7 AI score | 0.03838 EPSS
Exploits: 1 | References: 7

Tenable Nessus
added 2005/09/27 12:0 a.m. | 52 views

Alkalay.Net Multiple Scripts Arbitrary Command Execution

The remote host appears to be running at least one CGI script written by Avi Alkalay that allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

7.5 CVSS | 5.9 AI score | 0.03838 EPSS
Exploits: 3 | References: 5

Tenable Nessus
added 2005/09/07 12:0 a.m. | 27 views

man2web Multiple Scripts Arbitrary Command Execution

The remote host appears to be running man2web, a program for dynamically converting unix man pages to HTML. The installed version of man2web allows attackers to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable...

7.5 CVSS | 5.7 AI score | 0.07491 EPSS
Exploits: 1 | References: 1

0day.today
added 2005/09/04 12:0 a.m. | 395 views

man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)

Exploit for cgi platform in category web applications =================================================================== man2web include include include include void usagechar argv0 fprintfstderr, "x86/linux multipie man2web cgi-scripts remote command spawn\n"; fprintfstderr, "researched by...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2005/07/27 12:0 a.m. | 394 views

Community Link Pro login.cgi file Parameter Arbitrary Command Execution

The remote host is running Community Link Pro, a web-based application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'login.cgi' script of shell metacharacters before using it to run a command. An unauthenticated attacker can...

7.5 CVSS | 6.1 AI score | 0.02299 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2005/07/13 12:0 a.m. | 54 views

FreeBSD : awstats -- remote command execution vulnerability (0f5a2b4d-694b-11d9-a9e7-0001020eed82)

An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server. The problem specifically exists when the application is running as a CGI script on a web server. The...

7.5 CVSS | 6 AI score | 0.74941 EPSS
Exploits: 11 | References: 5

Tenable Nessus
added 2005/07/11 12:0 a.m. | 33 views

SiteMinder 5.5 Multiple Script XSS

The remote host is running SiteMinder, an access-management solution from Netegrity / Computer Associates. The installed version of SiteMinder suffers from several cross-site scripting flaws in its 'smpwservicescgi.exe' and 'login.fcc' scripts. An attacker can exploit these flaws to inject...

4.3 CVSS | 5.9 AI score | 0.01903 EPSS
Exploits: 1 | References: 3

Exploit DB
added 2005/06/29 12:0 a.m. | 25 views

CGI-Club imTRBBS 1.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/14091/info imTRBBS is affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'imtrbbs.cgi' script that will be executed in the context of the Web server...

7.4 AI score
Exploits: 0

Cvelist
added 2005/06/28 4:0 a.m. | 23 views

CVE-2002-1854

Rlaj whois CGI script whois.cgi 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field...

7.6 AI score | 0.04809 EPSS
Exploits: 0 | References: 3

CVE
added 2005/06/28 4:0 a.m. | 37 views

CVE-2002-1854

Technical details about CVE-2002-1854 are not publicly available in the provided connected documents. The record repeats the domain-name shell metacharacter vulnerability in whois.cgi, but no product/vendor/version or fix is disclosed here. Monitor for updates.

10 CVSS | 8 AI score | 0.04809 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2005/06/28 4:0 a.m. | 74 views

CVE-2002-1850

The CVE-2002-1850 issue affects Apache’s mod_cgi in versions 2.0.39 and 2.0.40. A CGI script that writes a large amount of data to stderr can trigger a read/write deadlock between httpd and the CGI script, allowing local users and possibly remote attackers to cause a denial of service (hang and m...

7.5 CVSS | 7.4 AI score | 0.17408 EPSS
Exploits: 1 | References: 9 | Affected Software: 1