738 matches found
CVE-2000-1176
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. dot dot attack in the "catsearch" form field...
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...
Informix webdriver CGI Unauthenticated Database Access
The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
eXtropia bbsforum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly...
CVE-2000-0924
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. dot dot attack in the "catigory" parameter...
CVE-2000-1176
CVE-2000-1176 describes a directory-traversal vulnerability in YaBB’s search.pl CGI script, permitting remote attackers to read arbitrary files by abusing a .. (dot dot) input in the catsearch form field. The issue is documented for YaBB SE configurations, including references to older plugins th...
CVE-2000-0944
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...
CVE-2000-0912
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter...
(SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...
SRADV00005.txt
================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...
Endymion MailMan 3.0.x - Arbitrary Command Execution
Endymion MailMan 3.0.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of t...
Markus Triska CGIForum 1.0 - thesection Directory Traversal
Markus Triska CGIForum 1.0 - thesection Directory Traversal source: https://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input to the...
FreeBSD-SA-00:73.thttpd
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:73 Security Advisory FreeBSD, Inc. Topic: thttpd allows remote reading of local files Category: ports Module: thttpd Announced: 2000-11-20 Credits: [email protected]...
CVE-2000-0878
The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field...
CVE-2000-0877
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attachfile parameter, which MailForm then sends to the attacker...
CVE-2000-0868
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...
FreeBSD-SA-00:64.global
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:64 Security Advisory FreeBSD, Inc. Topic: global port allows remote compromise through CGI script Category: ports Module: global Announced: 2000-11-06 Credits: Shigio...
Hole in Global
Insufficient parsing of shell metacharacters in the CGI script allows command execution on the server...
CVE-2000-0687
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the catdir parameter...
CVE-2000-0696
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...