[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

pykto

This plugin is a nikto port to python. It uses the scandatabase file from nikto to search for new and vulnerable URLs. The following configurable parameters exist: cgidirs admindirs nukedirs extradbfile mutatetests This plugin reads every line in the scandatabase and extradbfile and based on the...

eXtropia Web Store Remote File Retrieval Vulnerability - Active Check

eXtropia SPDX-FileCopyrightText: 2000 Thomas Reinke Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10532";...

OmniPro HTTPd 2.08 scripts source full disclosure

OmniPro HTTPd 2.08 suffers from a security vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' at the script suffix, the web server will no longer interpret it and rather send it back clearly as a simple documen...