5 matches found
Security Advisory - A CGI application vulnerability in Some Huawei Products
Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS
The CGI 'counter.exe' exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker may make use of this file to gain access to confidential data or escalate their privileges on the web server. This script was written by John...
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
The CSNews.cgi exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker can submit a specially crafted web form, which can display the 'setup.cgi' file that contains the superuser name and password. This script was written by John...
WWWBoard passwd.txt Authentication Credential Disclosure
The remote host is running WWWBoard, a bulletin board system written by Matt Wright. This board system comes with a password file passwd.txt installed next to the file 'wwwboard.html'. An attacker may obtain the contents of this file and decode the password to modify the remote www board...
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
The installed version of the 'icat' CGI allows a remote user to read arbitrary files on the remote target, because it fails to properly sanitize user-supplied input to the 'icatcommand' parameter. (C) Tenable Network Security, Inc.