CVE-2000-0923

authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...

CVE-2000-0952

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters...

CVE-2000-1110

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...

CVE-2000-1186

Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header...

CVE-2000-1110

CVE-2000-1110 affects the IBM Net.Data db2www package: the document.d2w CGI program can be probed to reveal the web server’s physical path when a nonexistent command is sent. This is a path disclosure weakness, with partial impact on confidentiality reported (base score 5.0, MITRE ATT&CK not spec...

CVE-2000-1092

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter...

CVE-2000-0977

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter...

CVE-2000-1186

CVE-2000-1186 describes a buffer overflow in the phf CGI program that allows remote command execution by supplying a large number of arguments and a long MIME header. The NVD entry lists a-network attack vector, low complexity, no authentication, and partial CIA impact with a base score of 7.5 (H...

CVE-2000-1110

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...

auction.weaver.txt

File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 -------------------------------------------------------------- Title: File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 Author: Steve Christey [email protected] Date Published: October 16, 2000 Product Name: Auction Weaver...

CVE-2000-0832

Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter...

CVE-2000-0627

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as userupdatepasswd.pl and userupdateadmin.pl...

thttpd ssi: retrieval of arbitrary world-readable files

thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi [email protected] Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description...

thttpd-219.txt

thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description The included cgi-bin...

CVE-2000-0423

Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag...

CVE-2000-0422

Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter...

CVE-2000-0526

mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack...

CVE-2000-0422

Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter...

CVE-2000-0192

The default installation of Caldera OpenLinux 2.3 includes the CGI program rpmquery, which allows remote attackers to determine what packages are installed on the system...

CVE-2000-0192

The CVE-2000-0192 issue affects the default installation of Caldera OpenLinux 2.3 via the rpm_query CGI, which allows remote attackers to enumerate installed RPMs by accessing the CGI over the web server. This leads to information disclosure about installed services and versions (partial confiden...