
738 matches found

Tenable Nessus
added 2001/03/25 12:0 a.m., 96 views

Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access

The 'store.cgi' CGI is installed. This CGI has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10639;...

5 CVSS, 5.4 AI score, 0.06476 EPSS
Exploits 1, References 2
exploitpack
added 2001/03/09 12:0 a.m., 15 views

Free Online Dictionary of Computing 1.0 - Remote File Viewing

Free Online Dictionary of Computing 1.0 - Remote File Viewing source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and...

0.3 AI score
Exploits 0
Exploit DB
added 2001/03/09 12:0 a.m., 28 views

Free Online Dictionary of Computing 1.0 - Remote File Viewing

source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as...

7 AI score
Exploits 0
securityvulns
added 2001/02/20 12:0 a.m., 231 views

CGI - mailnews.cgi vulnerability...

Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author dont parse some characters and he use very stupid "password protection". We can add or delete users from maillist...

7.5 AI score
Exploits 0
Tenable Nessus
added 2001/02/17 12:0 a.m., 30 views

WebSPIRS webspirs.cgi Traversal Arbitrary File Access

The remote host is running WebSPIRS, SilverPlatter's Information Retrieval System for the web. The installed version of WebSPIRS has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). %NASLMINLEVEL 70300 This script...

5 CVSS, 5.7 AI score, 0.06548 EPSS
Exploits 1, References 2
exploitpack
added 2001/02/15 12:0 a.m., 15 views

Bajie WebServer 0.78/0.90 - Remote Command Execution

Bajie WebServer 0.78/0.90 - Remote Command Execution source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These...

Exploits 0
Exploit DB
added 2001/02/15 12:0 a.m., 26 views

Bajie WebServer 0.78/0.90 - Remote Command Execution

source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These uploaded scripts are placed in known destination...

7.4 AI score
Exploits 0
securityvulns
added 2001/02/14 12:0 a.m., 21 views

Security advisory for analog

SECURITY ADVISORY 13th February 2001 ---------------------------------------------------------------------- Program: analog logfile analysis program Versions: all versions except 4.16 and 4.90beta3 Operating systems: all ---------------------------------------------------------------------- There...

0.3 AI score
Exploits 0
NVD
added 2001/02/12 5:0 a.m., 17 views

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...

5 CVSS, 7 AI score, 0.01606 EPSS
Exploits 1, References 3
Cvelist
added 2001/02/02 5:0 a.m., 20 views

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...

7 AI score, 0.01606 EPSS
Exploits 1, References 3
Tenable Nessus
added 2001/01/29 12:0 a.m., 25 views

iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read

The 'hsx.cgi' CGI is installed. This CGI has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescripti...

5 CVSS, 5.6 AI score, 0.10645 EPSS
Exploits 1, References 2
CERT
added 2001/01/28 12:0 a.m., 36 views

phf CGI Script fails to guard against newline characters

Overview This document describes a vulnerability in a CGI script known as phf which was widely exploited in 1996 and 1997. Description The phf CGI script constructs a partial command line consisting of the ph command and appropriate arguments, and completes the command line based on the input fro...

10 CVSS, 6.8 AI score, 0.86871 EPSS
Exploits 0, References 4
Cvelist
added 2001/01/22 5:0 a.m., 19 views

CVE-2000-0878

The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field...

7.5 AI score, 0.02165 EPSS
Exploits 0, References 3
Cvelist
added 2001/01/22 5:0 a.m., 20 views

CVE-2000-0944

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...

9.6 AI score, 0.11265 EPSS
Exploits 1, References 3
CVE
added 2001/01/22 5:0 a.m., 39 views

CVE-2000-0944

The CVE-2000-0944 issue affects CGI Script Center News Update 1.1. The vulnerability is in the password change flow where the original news administration password is not properly validated, enabling remote attackers to modify the password without knowing the original. Impact is unauthenticated r...

9.8 CVSS, 7.2 AI score, 0.11265 EPSS
Exploits 1, References 3, Affected Software 1
CVE
added 2001/01/22 5:0 a.m., 35 views

CVE-2000-0912

The CVE-2000-0912 entry concerns the MultiHTML CGI script (multihtml.pl). Affected component: the multihtml.pl CGI. The underlying issue is a traversal/file-access vulnerability where the attacker can specify the file name via the multi parameter, enabling reading of arbitrary files on the remote...

5 CVSS, 7.5 AI score, 0.0364 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2001/01/22 5:0 a.m., 105 views

CVE-2000-0287

The CVE-2000-0287 vulnerability affects BizDB’s web database integration product, specifically the Perl CGI script bizdb-search.cgi. The flaw arises when the dbname parameter is passed to an unchecked open() call, allowing remote attackers to execute commands at the webserver’s privilege level by...

10 CVSS, 7.6 AI score, 0.10625 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2001/01/22 5:0 a.m., 25 views

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...

6.8 AI score, 0.44717 EPSS
Exploits 0, References 4
Cvelist
added 2001/01/22 5:0 a.m., 24 views

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...

6.7 AI score, 0.09276 EPSS
Exploits 1, References 5
Cvelist
added 2001/01/22 5:0 a.m., 18 views

CVE-2000-0912

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter...

7.5 AI score, 0.0364 EPSS
Exploits 0, References 2