126 matches found
Windmail.exe Shell Metacharacter Arbitrary Command Execution
The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote server. ...
winmail305.txt
I found some vulnerabilities if WindMail is run as a CGI application. Tested on Windows NT 4.0, WindMail 3.05 successfully. WindMail is a 32-bit Windows console program by geocel that gives you command-line e-mail messaging capability. You can download an evaluation copy of WindMail 3.0 at:...
NetWin DNews 5.3 Server - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/1172/info DNews News Server is a CGI application that gives access to a user's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overly long value for the "group...
iis4.path.txt
Hello, There is another way to retrieve a full path to local files in IIS4: If there is an external CGI application configured for some file type and this application doesn't produce correct HTTP headers, IIS generates an error with the output of the application, both stdout and stderror. The problem is,...
WWWBoard passwd.txt Authentication Credential Disclosure
The remote host is running WWWBoard, a bulletin board system written by Matt Wright. This board system comes with a password file passwd.txt installed next to the file 'wwwboard.html'. An attacker may obtain the contents of this file and decode the password to modify the remote www board...
icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access
The installed version of the 'icat' CGI allows a remote user to read arbitrary files on the remote target, because it fails to properly sanitize user-supplied input to the 'icatcommand' parameter. ...