Lucene search

643 matches found

exploitpack
added 2000/11/07 12:0 a.m., 14 views

YaBB 9.11.2000 - search.pl Arbitrary Command Execution

YaBB 9.11.2000 - search.pl Arbitrary Command Execution source: https://www.securityfocus.com/bid/1921/info YaBB Yet Another Bulletin Board is a popular perl-based bulletin board scripting package. search.pl, one of several perl scripts which comprise YaBB, fails to properly validate user input...

0.2 AI score
Exploits: 0

Cvelist
added 2000/10/13 4:0 a.m., 19 views

CVE-2000-0063

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...

6.7 AI score, 0.00647 EPSS
Exploits: 0, References: 1

securityvulns
added 2000/10/06 12:0 a.m., 46 views

Hole in thttpd (ssi CGI file retrieval)

Using an absolute path in the ssi CGI script, it is possible to access any readable file on the system...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 1

exploitpack
added 2000/10/02 12:0 a.m., 17 views

Moreover CGI script - File Disclosure

Moreover CGI script - File Disclosure source: https://www.securityfocus.com/bid/1762/info The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for...

7.3 AI score
Exploits: 0

Exploit DB
added 2000/08/30 12:0 a.m., 29 views

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable...

7 AI score
Exploits: 0

exploitpack
added 2000/05/16 12:0 a.m., 13 views

Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution

Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on the...

0.4 AI score
Exploits: 0

securityvulns
added 2000/05/11 12:0 a.m., 26 views

Black Watch Labs Vulnerability Alert

Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...

6.8 AI score
Exploits: 0

securityvulns
added 2000/05/07 12:0 a.m., 152 views

Black Watch Labs Vulnerability Alert

Dear Security Professional, The following vulnerability: "Environment and Setup Variables Can Be Viewed Through DBMan db.cgi Script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch...

Exploits: 0

Cvelist
added 2000/03/22 5:0 a.m., 9 views

CVE-2000-0187

EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...

7.1 AI score, 0.13385 EPSS
Exploits: 1, References: 2

CVE
added 2000/03/22 5:0 a.m., 58 views

CVE-2000-0187

EZShopper 3.0 contains directory traversal in loadpage.cgi (and related scripts per Nessus data) that allows remote attackers to read arbitrary files via .. traversal and may permit command execution via shell metacharacters. Affected component is EZShopper’s web CGI handling; root cause is impro...

7.5 CVSS, 7.1 AI score, 0.13385 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2000/02/08 5:0 a.m., 53 views

CVE-2000-0105

The CVE concerns Outlook Express 5.01 and Internet Explorer 5.01. A remote attacker can view a user’s email messages through a script that accesses a variable referencing subsequent messages read by the client. The explicit root cause is a scripting reference that exposes subsequent messages to a...

5 CVSS, 6.9 AI score, 0.54196 EPSS
Exploits: 0, References: 1, Affected Software: 1

exploitpack
added 2000/02/08 12:0 a.m., 22 views

Zeus Web Server 3.x - Null Terminated Strings

Zeus Web Server 3.x - Null Terminated Strings source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2000/01/09 12:0 a.m., 25 views

AltaVista Intranet Search CGI query Traversal Arbitrary File Access

It is possible to read the content of any files on the remote host such as your configuration files or other sensitive data by using the Altavista Intranet Search service, and performing the request: ...

5 CVSS, 5.5 AI score, 0.03624 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2000/01/09 12:0 a.m., 26 views

Home Free search.cgi Traversal Arbitrary File Access

The remote web server contains a CGI script that fails to sanitize user input to the 'letter' parameter of the 'search.cgi' script of directory traversal sequences. An unauthenticated attacker can exploit this issue to read arbitrary files from the affected host, subject to the privileges under...

5 CVSS, 5.8 AI score, 0.03624 EPSS
Exploits: 0, References: 2

NVD
added 1999/12/30 5:0 a.m., 15 views

CVE-2000-0076

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover...

2.1 CVSS, 6.2 AI score, 0.00099 EPSS
Exploits: 0, References: 2

Exploit DB
added 1999/11/15 12:0 a.m., 27 views

Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/802/info Certain versions of the W4-Server 32-bits personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform bounds checking on user supplied data and is vulnerable to a buffer overflow...

7.4 AI score
Exploits: 0

Tenable Nessus
added 1999/11/04 12:0 a.m., 50 views

Alibaba tst.bat Arbitrary Command Execution

The 'tst.bat' CGI script is installed on this machine. This CGI has a well-known security flaw that would allow an attacker to read arbitrary files on the remote system. ...

3.6 CVSS, 5.6 AI score, 0.00884 EPSS
Exploits: 0, References: 1

Cvelist
added 1999/09/29 4:0 a.m., 13 views

CVE-1999-0264

htmlscript CGI program allows remote read access to files...

6.5 AI score, 0.04089 EPSS
Exploits: 0, References: 1

NVD
added 1999/07/20 4:0 a.m., 7 views

CVE-1999-1560

Vulnerability in a script in Texas A&M University TAMU Tiger allows local users to execute arbitrary commands as the Tiger user, usually root...

7.2 CVSS, 7.1 AI score, 0.00055 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 1999/06/22 12:0 a.m., 87 views

CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution

The remote host appears to be using the CdomainFree 'whois_raw.cgi' script. This CGI script allows an attacker to view any file on the target computer, as well as to execute arbitrary commands. ...

10 CVSS, 6 AI score, 0.04425 EPSS
Exploits: 1, References: 2