738 matches found
CVE-2003-0217
Cross-site scripting XSS vulnerability in Neoteris Instant Virtual Extranet IVE 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script...
Netwin WebNews Webnews.exe Remote Overflow
The remote host appears to be running WebNews, which offers web-based access to Usenet news. Some versions of WebNews are prone to a buffer overflow when processing a query string with an overly-long group parameter. An attacker may be able to leverage this issue to execute arbitrary shell code o...
Bandmin 1.4 XSS Exploit
Bandmin 1.4 XSS Exploit by Silent Needle A:BACKGROUND Bandmin is a cgi script show you the bandwidth for the sites in the server. B:DESCRIPTION The cross site scripting allow you to print a html or javascript or others in the webpage when it just open not write in the page. C:EXPLOIT These are th...
Bandmin 1.4 index.cgi Multiple Parameter XSS
The remote host is running the Bandmin CGI suite. There is a cross-site scripting issue in this suite that may allow an attacker to steal your users cookies. The flaw lies in the cgi bandwitdh/index.cgi %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Date: 28 May 2003 16:38:40 -0000 From:...
CVE-2003-0217
Cross-site scripting XSS vulnerability in Neoteris Instant Virtual Extranet IVE 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script...
CVE-2003-0217
CVE-2003-0217 describes a cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) up to version 3.01, where an input parameter passed to a CGI script (notably swsrv.cgi) could be exploited to hijack a user session and bypass authentication. The underlying issue is impr...
CVE-2002-0488
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter...
CVE-2000-0590
Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the datadir parameter...
CVE-2000-0590
CVE-2000-0590 affects the Poll It 2.0 CGI script. The vulnerability allows a remote attacker to read arbitrary files by supplying a file name in the data_dir parameter, with an example showing access to /etc/passwd. OpenVAS/Nessus entries corroborate arbitrary file access via the CGI. Remediation...
CVE-2002-0488
The vulnerability CVE-2002-0488 affects Linux Directory Penguin traceroute.pl CGI script version 1.0. A flaw in the traceroute.pl CGI allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter, enabling remote code execution. This assessment is supported by P...
SimpleChat Information Disclosure
It is possible to retrieve list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently connected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 20 Mar 2003...
Upload Lite upload.cgi Arbitrary File Upload
The Upload Lite upload.cgi CGI script is installed. This script has a well-known security flaw that lets anyone upload arbitrary files on the remote web server. Note that Nessus did not test whether uploads are possible, only that the script exists. %NASLMINLEVEL 70300 C Tenable Network Security,...
Simple File Manager Directory / Filename XSS
The remote Simple File Manager CGI fm.php improperly validates the names of the directories entered and created by the user. As a result, a user could generate a cross-site scripting attack on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Wordit Logbook logbook.pl file Parameter Arbitrary File Access
The WordIt 'logbook.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets anyone read arbitrary files on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid1136...
WebWho+ whois.pl time Parameter Arbitrary Command Execution
The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2002-1850
modcgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service hang and memory consumption by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...
CVE-2002-1986
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot "."...
CVE-2002-1361
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP Security Hardening Patch installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter...
Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV
In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...
XSS bug in Monkey (0.5.0) HTTP server
Illegal Instruction Labs Advisory ------------------------------------------------------------------------- Advisory name: XSS bug in Monkey 0.5.0 HTTP server Advisory number: 14 Application: Monkey 0.5.0 HTTP server Application author: Eduardo Silva EdsipeR Author e-mail: [email protected]...