9 matches found
CGI Abuse
Gitlab is vulnerable to CGI Abuse. An attacker can abuse scan execution policies to run pipelines as another user compromising Confidentiality and Integrity of the system...
eScan MWAdmin Interface Detection
MWAdmin, a web interface included with multiple Linux-based eScan products, was detected on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid45344; scriptversion"1.9"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"eScan MWAdmin Interface...
CGI Generic SQL Injection (blind, time based)
By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to...
Netbilling nbmember.cgi cmd Parameter Information Disclosure
nbmember.cgi is installed on the remote host. The remote version of this software is vulnerable to an information disclosure flaw which may allow an attacker to access sensitive system information resulting in a loss of confidentiality. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
PostNuke Rating System DoS
The remote host is running PostNuke. PostNuke Phoenix 0.721, 0.722 and 0.723 allows a remote attacker causes a denial of service to legitmate users, by submitting a string to its rating system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Note: Based on the proof of concept example, NOT...
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
The remote host has the cgi 'counter.php' installed. This CGI contains a flaw that can be abused by an attacker to overwrite arbitrary files on the system with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref:...
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
The remote host includes a CGI /cgi-bin/readfile.tcl which allows anyone to read arbitrary files on the remote host with the privileges of the HTTP daemon typically 'nobody'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From: Jonas Eriksson mailto:[email protected] Date: 23/04/2003 To:...
Alibaba tst.bat Arbitrary Command Execution
The 'tst.bat' CGI script is installed on this machine. This CGI has a well known security flaw that would allow an attacker to read arbitrary files on the remote system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
HylaFAX faxsurvey Arbitrary Command Execution
The 'faxsurvey' CGI does not sanitize input to the query string. A remote attacker could exploit this to execute arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10067; scriptversion"1.45";...