
126 matches found

securityvulns
added 2003/11/10 12:0 a.m., 27 views

[NT] BEA Tuxedo Administration CGI Multiple Argument Issues

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

6 AI score
Exploits 0
securityvulns
added 2003/09/16 12:0 a.m., 41 views

SCO Internet Manager privilege escalation

It's possible to spoof authentication data locally for a suid CGI application...

3.6 AI score
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2003/06/11 12:0 a.m., 29 views

Behold! Software counter.exe Malformed HTTP Request Counter Log DoS

The CGI 'counter.exe' exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker may make use of this file to gain access to confidential data or escalate their privileges on the web server. %NASLMINLEVEL 70300 This script was written by John...

5 CVSS, 5.6 AI score, 0.07144 EPSS
Exploits 1, References 2
Tenable Nessus
added 2003/06/11 12:0 a.m., 38 views

CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval

The CSNews.cgi exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker can submit a specially crafted web form, which can display the 'setup.cgi' file that contains the superuser name and password. %NASLMINLEVEL 70300 This script was written by John...

7.5 CVSS, 5.6 AI score, 0.06978 EPSS
Exploits 1, References 2
securityvulns
added 2003/02/22 12:0 a.m., 40 views

Apache descriptor leakage

A few descriptors, including the descriptor to the log file, are leaked on CGI application execution...

3.1 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2002/09/28 12:0 a.m., 31 views

Apache stderr DoS

Large CGI application stderr output causes Apache to hang...

0.9 AI score
Exploits 0, References 1, Affected Software 1
OSV
added 2002/05/06 4:0 a.m., 6 views

CVE-2002-1592

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...

6.7 AI score
Exploits 0, References 16
securityvulns
added 2001/12/25 12:0 a.m., 27 views

SQL query modification in adrotate (SQL modification)

It is possible to modify the SQL query in the CGI application...

1.6 AI score
Exploits 0, References 1
securityvulns
added 2000/12/05 12:0 a.m., 23 views

ezmlm-cgi

Package : ezmlm-0.53 and below ezmlm-cgi Announced: 2000-12-05 Ezmlm is an easy to use mailing list manager for qmail. It ships with a cgi application to allow for list archiving and reviewal over the web. Documentation states that the cgi should be installed suid root, but in real world...

0.5 AI score
Exploits 0
Exploit DB
added 2000/11/29 12:0 a.m., 30 views

IBM Net.Data 7.0 - Full Path Disclosure

source: https://www.securityfocus.com/bid/2017/info IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases. Net.Data contains a vulnerability which reveals server information...

7 AI score
Exploits 0
exploitpack
added 2000/11/10 12:0 a.m., 34 views

McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure

McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure source : https://www.securityfocus.com/bid/1932/info Cart32 is a shopping cart application for e-commerce enabled sites. Cart32 contains a vulnerability which reveals server information. Requesting a specially crafted URL, by wa...

7.4 AI score
Exploits 0
Exploit DB
added 2000/11/10 12:0 a.m., 49 views

McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure

source : https://www.securityfocus.com/bid/1932/info Cart32 is a shopping cart application for e-commerce enabled sites. Cart32 contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, will reveal the physical path to the web ro...

7.4 AI score
Exploits 0
exploitpack
added 2000/10/11 12:0 a.m., 14 views

Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure

Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that...

7.4 AI score
Exploits 0
exploitpack
added 2000/09/27 12:0 a.m., 12 views

TalentSoft Web+ ClientMonitorserver 4.6 - Internal IP Address Disclosure

TalentSoft Web+ ClientMonitorserver 4.6 - Internal IP Address Disclosure source: https://www.securityfocus.com/bid/1720/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. A vulnerability exists in one of the CGI applications implemented by Web+...

7.4 AI score
Exploits 0
Tenable Nessus
added 2000/09/16 12:0 a.m., 27 views

MultiHTML multihtml.pl Traversal Arbitrary File Access

The 'multihtml.pl' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files on the remote host through the 'multi' parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

5 CVSS, 5.7 AI score, 0.0364 EPSS
Exploits 0, References 2
securityvulns
added 2000/09/08 12:0 a.m., 30 views

Problems with the Apache installation in SuSE Linux

An error in the configuration file of the default installation allows the source code of CGI applications to be retrieved. In addition, the WebDAV component allows the list of files in a directory to be obtained...

0.6 AI score
Exploits 0, References 2, Affected Software 1
exploitpack
added 2000/07/04 12:0 a.m., 9 views

CGI-World Poll It 2.0 - Internal Variable Override

CGI-World Poll It 2.0 - Internal Variable Override source: https://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote us...

0.5 AI score
Exploits 0
Exploit DB
added 2000/07/04 12:0 a.m., 43 views

CGI-World Poll It 2.0 - Internal Variable Override

source: https://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote user by specifying the new value as a variable in the...

7.4 AI score
Exploits 0
securityvulns
added 2000/06/25 12:0 a.m., 51 views

NetWin dMailWeb Unrestricted Mail Relay

Product: NetWin dMailWeb Type: Unrestricted Mail Relay Severity: Moderate Versions: = 2.6g: Case A All, configuration error: Case B Note: NetWin cwMail also appears vulnerable to the same attacks, and appears to be using exactly the same version numbers. --- Overview dMailWeb is a CGI application...

7.2 AI score
Exploits 0
securityvulns
added 2000/06/07 12:0 a.m., 34 views

Bug in Savant

On an incomplete GET request, the server returns the contents of the CGI application instead of its output...

0.5 AI score
Exploits 0, References 1, Affected Software 1