Lucene search

738 matches found

CERT
added 2002/09/24 12:0 a.m. | 25 views

Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request

Overview: Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description: Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...

6.8 AI score
Exploits: 0 | References: 2

CERT
added 2002/09/18 12:0 a.m. | 15 views

Mike Spice's Quiz Me! does not adequately validate user input

Overview: Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's Quiz Me! is a CGI script written in...

6.8 AI score
Exploits: 0 | References: 3

CERT
added 2002/09/18 12:0 a.m. | 14 views

Mike Spice's My Calendar does not adequately validate user input

Overview: Mike Spice's My Calendar does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause My Calendar to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's My Calendar is a CGI script...

6.8 AI score
Exploits: 0 | References: 3

Tenable Nessus
added 2002/09/04 12:0 a.m. | 266 views

alya.cgi CGI Backdoor Detection

alya.cgi was found on the remote system. This script is likely a CGI based backdoor distributed with multiple rootkits. This script was written by Jason Lidow Changes by Tenable: - Overhauled description, added Synopsis/Reference/Solution 12/8/2008 include"compat.inc"; if description scriptid1111...

5.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2002/08/22 12:0 a.m. | 35 views

Viralator CGI Script Arbitrary Command Execution

The CGI 'viralator.cgi' is installed. Some versions of this CGI don't properly check user input and allow anyone to execute arbitrary commands with the privileges of the web server. No flaw was tested. Your script might be a safe version. %NASLMINLEVEL 70300 C Tenable Network Security, In...

7.5 CVSS | 5.5 AI score | 0.02756 EPSS
Exploits: 0 | References: 1

NVD
added 2002/08/12 4:0 a.m. | 15 views

CVE-2002-0488

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter...

10 CVSS | 7.7 AI score | 0.06192 EPSS
Exploits: 0 | References: 4

NVD
added 2002/08/12 4:0 a.m. | 12 views

CVE-2002-0489

Linux Directory Penguin NsLookup CGI script nslookup.pl 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters...

10 CVSS | 7.7 AI score | 0.0583 EPSS
Exploits: 0 | References: 3

securityvulns
added 2002/07/31 12:0 a.m. | 27 views

Bug in Eupload

Bug in Eupload ----------------- | By ZeroByte || [email protected] | | ICQ 98177781 | 1.1 - What is Eupload? Eupload is a web utility used to facilitate the update of web sites by means of CGI scripts. This tool allows the ascent of files to the servant by means of a web interface. The...

0.8 AI score
Exploits: 0

NVD
added 2002/07/26 4:0 a.m. | 18 views

CVE-2002-0436

sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...

10 CVSS | 7.6 AI score | 0.1187 EPSS
Exploits: 0 | References: 3

CERT
added 2002/07/11 12:0 a.m. | 39 views

Apache Web Server ap_log_rerror() function discloses full path to CGI script

Overview: There is a vulnerability in Apache 2.0 through 2.0.35 that could disclose the real path to a CGI script or other file. Description: A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log: Security Added the APLOG_TOCLIENT flag to...

6.7 AI score
Exploits: 0 | References: 1

securityvulns
added 2002/06/13 12:0 a.m. | 40 views

Buffer overflow in Oracle 9iAS Reports Server

Buffer overflow in CGI script...

2.7 AI score
Exploits: 0 | References: 1

Cvelist
added 2002/06/11 4:0 a.m. | 17 views

CVE-2002-0489

Linux Directory Penguin NsLookup CGI script nslookup.pl 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters...

7.7 AI score | 0.0583 EPSS
Exploits: 0 | References: 3

CVE
added 2002/06/11 4:0 a.m. | 40 views

CVE-2002-0489

CVE-2002-0489 affects the Linux Directory Penguin NsLookup CGI script (nslookup.pl) version 1.0. It allows remote code execution via shell metacharacters in the (1) query or (2) type parameters. The NVD record assigns a base score of 10.0 (HIGH) with network attack vector, low complexity, no auth...

10 CVSS | 8.1 AI score | 0.0583 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2002/06/11 4:0 a.m. | 26 views

CVE-2002-0436

sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...

7.6 AI score | 0.1187 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2002/06/11 12:0 a.m. | 39 views

AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation

The AlienForm CGI script allows an attacker to view any file on the target computer, append arbitrary data to an existing file, and write arbitrary data to a new file. The AlienForm CGI script is installed as either af.cgi or alienform.cgi. %NASLMINLEVEL 70300 This script was written by Andrew...

6.4 CVSS | 8.5 AI score | 0.01984 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2002/06/05 12:0 a.m. | 33 views

MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access

The 'mrtg.cgi' script is part of the MRTG traffic visualization application. A vulnerability exists in this script that allows an attacker to view the first line of any file on the system. %NASLMINLEVEL 70300 This script was written by H D Moore Script audit and contributions from Carmichael...

5 CVSS | 5.5 AI score | 0.01868 EPSS
Exploits: 0 | References: 1

exploitpack
added 2002/05/30 12:0 a.m. | 11 views

CGIScript.net - csPassword.cgi 1.0 Information Disclosure

CGIScript.net - csPassword.cgi 1.0 Information Disclosure source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by...

7.2 AI score
Exploits: 0

Apache Httpd
added 2002/05/08 12:0 a.m. | 34 views

Apache Httpd < 2.0.36 : Warning messages could be displayed to users

In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...

5 CVSS | 6.4 AI score | 0.12458 EPSS
Exploits: 0 | Affected Software: 1

Cvelist
added 2002/05/03 4:0 a.m. | 21 views

CVE-2002-0266

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...

6.5 AI score | 0.07192 EPSS
Exploits: 0 | References: 4

CVE
added 2002/05/03 4:0 a.m. | 57 views

CVE-2002-0266

The connected documents confirm CVE-2002-0266 affects Thunderstone Texis CGI scripts, enabling unauthenticated remote disclosure of the web root path by requesting a nonexistent file, with error messages revealing the full pathname. No fix/version remediation details are provided in the supplied ...

5 CVSS | 6.6 AI score | 0.07192 EPSS
Exploits: 0 | References: 4 | Affected Software: 1