
738 matches found

CVE
added 2005/06/28 4:0 a.m. | 36 views

CVE-2002-1986

Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...

CVSS 5 | AI score 7.2 | EPSS 0.06685
Exploits 1 | References 3 | Affected Software 1
Debian CVE
added 2005/06/28 4:0 a.m. | 29 views

CVE-2002-1850

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...

CVSS 7.5 | AI score 6.2 | EPSS 0.17408
Exploits 1
Tenable Nessus
added 2005/06/27 12:0 a.m. | 198 views

K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution

The remote host is running K-COLLECT csv-database, a web application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'csv_db.cgi' script before using it to run a shell command. An unauthenticated attacker can exploit this issue to execute...

AI score 5.7
Exploits 0
Cvelist
added 2005/06/21 4:0 a.m. | 22 views

CVE-2002-1751

csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

AI score 7.5 | EPSS 0.02117
Exploits 0 | References 3
Tenable Nessus
added 2005/06/15 12:0 a.m. | 16 views

ViRobot Linux Server addschup Multiple Overflows

The remote host is running ViRobot Linux Server, a commercial anti-virus product for Linux. According to its banner, the installed version of ViRobot Linux Server suffers from a remote buffer overflow vulnerability in its web-based management interface. By passing specially crafted data through...

CVSS 5 | AI score 5.9 | EPSS 0.05547
Exploits 5 | References 4
Tenable Nessus
added 2005/05/27 12:0 a.m. | 31 views

Listserv < 14.3-2005a Multiple Vulnerabilities

According to its version number, the Listserv web interface on the remote host suffers from several critical and as-yet unspecified vulnerabilities. An attacker may be able to exploit these flaws to execute arbitrary code on the affected system or allow remote denial of service...

CVSS 7.5 | AI score 6.2 | EPSS 0.02688
Exploits 0 | References 4
Tenable Nessus
added 2005/05/26 12:0 a.m. | 39 views

SqWebMail redirect Parameter CRLF Injected XSS

The remote host is running a version of SqWebMail that does not properly sanitize user-supplied input through the 'redirect' parameter. An attacker can exploit this flaw to inject arbitrary HTML and script code into a user's browser to be executed within the context of the affected website. Such...

CVSS 7.5 | AI score 5.9 | EPSS 0.02284
Exploits 0 | References 2
exploitpack
added 2005/05/11 12:0 a.m. | 13 views

Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (2)

Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow 2 // source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm...

AI score 0.5
Exploits 0
CVE
added 2005/05/10 4:0 a.m. | 37 views

CVE-2003-1137

CVE-2003-1137 affects sh-httpd versions 0.3 and 0.4. The issue allows remote attackers to read files or execute arbitrary CGI scripts via a GET request containing an asterisk (*) wildcard character, indicating improper handling of wildcards in input. The provided documents do not specify a fix or...

CVSS 5 | AI score 7.6 | EPSS 0.06757
Exploits 1 | References 4 | Affected Software 1
Ubuntu
added 2005/05/06 6:4 p.m. | 47 views

USN-120-1: Apache 2 vulnerability

Luca Ercoli discovered that the "htdigest" program did not perform any bounds checking when it copied the "user" and "realm" arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the...

CVSS 7.5 | AI score 5.7 | EPSS 0.29096
Exploits 1
securityvulns
added 2005/05/04 12:0 a.m. | 103 views

[Full-disclosure] NIC Chile CGI Script Zone Transfers

NIC Chile CGI Script Zone Transfers. Author: Rodrigo Gutierrez rodrigo at intellicomp.cl Affected: All ".cl" domains which use NIC's Chile Secondary NS. Vendor url: http://www.nic.cl Rate: Critical Background. NIC Chile is a part of the University of Chile and is in charge of handling all the...

AI score 7
Exploits 0
securityvulns
added 2005/04/26 12:0 a.m. | 24 views

remote command execution in inserter.cgi script

Tunis 24/04/2005 BUG found by fireboy [email protected] THERE ARE SOME BUGS IN inserter.cgi SCRIPT THAT CAN SHOW SENSIBLE FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WHICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1file showing...

AI score 1.5
Exploits 0
Exploit DB
added 2005/04/08 12:0 a.m. | 69 views

The Includer CGI 1.0 - Remote Command Execution (2)

!/usr/bin/perl Target - The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.pl 127.0.0.1 /cgi-bin/ "ls -la"\n"; print " incl10.pl 127.0.0.1 / "uname -a"\n"; print "...

AI score 7.4
Exploits 0
securityvulns
added 2005/02/17 12:0 a.m. | 27 views

lighttpd script source code leak

It's possible to retrieve CGI script source code...

AI score 0.7
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2005/02/16 12:0 a.m. | 34 views

lighttpd < 1.3.8 Null Byte Request CGI Script Source Code Disclosure

According to its banner, the version of lighttpd running on the remote host is prior to 1.3.8. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this vulnerability, by requesting a CGI script that is appended by a '%00', to read...

CVSS 5 | AI score 5.6 | EPSS 0.01716
Exploits 0 | References 2
Tenable Nessus
added 2005/02/14 12:0 a.m. | 1222 views

AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)

The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ... traffic. The remote version of this software is prone to a command execution flaw as well as an information disclosure vulnerability. An attacker may exploit this feature to obtain more information...

CVSS 7.5 | AI score 6.1 | EPSS 0.07017
Exploits 2 | References 3
Gentoo Linux
added 2005/01/25 12:0 a.m. | 78 views

AWStats: Remote code execution

Background AWStats is an advanced log file analyzer and statistics generator. Description When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin rawlog was not...

CVSS 7.5 | AI score 6.9 | EPSS 0.74941
Exploits 11
Debian
added 2005/01/20 4:7 p.m. | 17 views

[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution

Debian Security Advisory DSA 650-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2005 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7 | EPSS 0.02263
Exploits 0
OSV
added 2005/01/20 12:0 a.m. | 18 views

DSA-650-1 sword - missing input sanitising

Bulletin has no description...

CVSS 7.5 | AI score 6.1 | EPSS 0.02263
Exploits 0
securityvulns
added 2005/01/18 12:0 a.m. | 38 views

[Full-Disclosure] iDEFENSE Security Advisory 01.17.05: AWStats Remote Command Execution Vulnerability

AWStats Remote Command Execution Vulnerability iDEFENSE Security Advisory 01.17.05 www.idefense.com/application/poi/display?id=185&type=vulnerabilities January 17, 2005 I. BACKGROUND AWStats is a free tool that generates advanced web, ftp or mail server statistics, graphically. More information...

AI score 1.7
Exploits 0