670 matches found
CVE-2001-1083
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled, allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash)...
CGIScript.net - csMailto Hidden Form Field Remote Command Execution
source: https://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are contained in hidden form values. As a...
[NT] Sambar Webserver Serverside Fileparse Bypass
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
ibrow NewsDesk does not securely handle input passed to open()
Overview: A vulnerability in ibrow NewsDesk allows an attacker to view files and execute operating system commands with the privileges of the web server. Description: ibrow NewsDesk is a Perl CGI script that is designed to create and display news articles on a web site. The code for NewsDesk is...
IMP 2.2.6 (SECURITY) released
The Horde team announces the availability of IMP 2.2.6, which fixes three potential security issues. We strongly recommend that all sites running IMP 2.2.x upgrade to this version. 1. A PHPLIB vulnerability allowed an attacker to provide a value for the array element $_PHPLIB[libdir], and thus to get...
Hole in G6 FTP (directory traversal)
Directory traversal allows any file to be retrieved from the server...
Yet another hole in WebSite Pro
CGI directories are writable by default. The server ships with a program that allows files to be uploaded to the server. In addition, a certain request makes the server reveal the path to local files, which together allows any file to be uploaded to the server and executed...
Stalker's CGImail Gives Read Access to All Server Files
Stalker Lab's Mailers package for Windows NT contains the CGImail.exe program, which is used to convert the contents of an HTML form to an email. The program takes a template file on th...
CVE-1999-0346
The CVE-1999-0346 issue concerns PHP/FI environments with the mylog.html/mlog.html files vulnerable to arbitrary file read. Affected component: PHP/FI prior to 3.0 (mylog.html/mlog.html). Root cause: flaw in the mylog.html/mlog.html handling allows reading arbitrary files on the server. Impact: r...
CVE-1999-0175
The convert.bas program in the Novell web server allows remote attackers to read any file on the system that is internally accessible by the web server...