465 matches found
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
CVE-2000-0521
Savant web server vulnerability CVE-2000-0521 allows remote disclosure of CGI source by requesting the original CGI form. The OpenVAS NASL description: “Savant original form CGI access” states that attackers can download the unprocessed CGI, exposing sensitive information stored inside those scri...
CVE-2000-0696
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...
Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way. This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or...
@stake Advisory: SuSE Apache CGI Source Code Viewing (A090700-2)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com www.cerberus-infosec.co.uk Security Advisory Release Date: 09/07/2000 Application: Apache 1.3.9/12 Platform: SuSE Linux 6.3 and 6.4 Severity: An attacker can gain access to source code of CGI scripts. As such they may be...
Security Bulletin (MS00-057)
Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...
alibaba.txt
Application: Alibaba 2.0 Problem Type: Multiple Problems3 Author: Prizm Platforms: Windows 95/98/NT Vendor Status: Not Informed Vendor Website: http://csm.alcyonis.fr Product Description ------------------- Alibaba is a fully functional http server for windows 95/98/NT. It supports cgi among many...
Computer Software Manufaktur Alibaba 2.0 - Piped Command
source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine. http://victim/cgi-bin/post32.exe|echo%20c:\text.txt...
Computer Software Manufaktur Alibaba 2.0 - Piped Command
Computer Software Manufaktur Alibaba 2.0 - Piped Command source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine...
CVE-2000-0639
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server...
MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
MDMA Advisory 5 by Andrew Lewis aka. Wizdumb Reading of CGI Scripts under Savant Webserver It is possible to view the source of CGI scripts running under the Savant Webserver by omitting the HTTP version from your request. For example, we connect to port 80 of the server and type "GET...
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
CMD.EXE overflow (CISADV000420)
Cerberus Information Security Advisory CISADV000420 http://www.cerberus-infosec.co.uk/advisories.html Released : 20th April 2000 Name : CMD.EXE overflow Affected Systems : Windows NT/2000 Issue : See details Author : David Litchfield [email protected] Description The Cerberus Security Team...
CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution
CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution source: https://www.securityfocus.com/bid/1104/info BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefor...
Sambar Server 4.2 Beta 7 - Batch CGI
Sambar Server 4.2 Beta 7 - Batch CGI source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any vali...
Sambar Server 4.2 Beta 7 - Batch CGI
source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with...
ultimatebb.txt
Hello. Writing cgi scripts in perl is simple. It's also rather safe, providing authors follow very simple instructions. But they don't. Browsing some site, I found that their forums were based not on home- made scripts, but rather commercial software product. Hey, said I to myself, remember those...
Zeus Web Server 3.x - Null Terminated Strings
source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in directories which are designated as executable eg...
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...
CVE-1999-0947
AN-HTTPd server is affected by a remote command execution risk due to default CGI scripts test.bat, input.bat, input2.bat, and ssi/envout.bat that allow shell metacharacters. Exploitation would enable an attacker to run arbitrary commands on the remote host. The vulnerability details are drawn fr...