Lucene search

93 matches found

Cvelist
added 2007/03/21 11:0 p.m. | 13 views

CVE-2007-1588

server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges...

AI score 7 | EPSS 0.00717
Exploits: 0 | References: 3

Debian CVE
added 2006/08/14 8:0 p.m. | 40 views

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...

CVSS 4.3 | AI score 6.5 | EPSS 0.17318
Exploits: 1

securityvulns
added 2006/02/22 12:0 a.m. | 42 views

[Full-disclosure] [INetCop Security Advisory] Global Hauri Virobot cookie exploit

======================================== INetCop Security Advisory 2006-0x82-028 ======================================== Title: Global Hauri Virobot cookie exploit 0x01. Description Virobot Unix/Linux Server is anti virus program that develop in Global Hauri. Product in Unix of SUN Sparc, HP, IB...

AI score 7.3
Exploits: 0

OSV
added 2003/10/20 4:0 a.m. | 2 views

CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

AI score 8.2
Exploits: 0 | References: 3

OSV
added 2003/10/20 4:0 a.m. | 1 views

DEBIAN-CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

CVSS 7.5 | AI score 8.3 | EPSS 0.02855
Exploits: 1 | References: 1

Debian CVE
added 2003/09/03 4:0 a.m. | 15 views

CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

CVSS 7.5 | AI score 7.6 | EPSS 0.02855
Exploits: 1

EUVD
added 2003/03/18 5:0 a.m. | 1 views

EUVD-2002-1393

Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi...

CVSS 7.5 | AI score 6.7 | EPSS 0.1151
Exploits: 1 | References: 3

Cvelist
added 2002/08/31 4:0 a.m. | 18 views

CVE-2000-1204

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...

AI score 6.8 | EPSS 0.0486
Exploits: 1 | References: 7

Cvelist
added 2002/06/25 4:0 a.m. | 19 views

CVE-2001-1074

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges...

AI score 6.5 | EPSS 0.00149
Exploits: 1 | References: 5

CVE
added 2002/06/25 4:0 a.m. | 51 views

CVE-2001-1074

Summary: CVE-2001-1074 affects Webmin 0.84 and earlier. The vulnerability arises because Webmin does not properly clear the HTTP_AUTHORIZATION environment variable when the web server restarts, causing authentication information to be exposed to all CGI programs and enabling local privilege escal...

CVSS 7.2 | AI score 6.5 | EPSS 0.00149
Exploits: 1 | References: 5 | Affected Software: 1

CERT
added 2002/04/11 12:0 a.m. | 27 views

Apache HTTP Server on Win32 systems does not securely handle input passed to CGI programs

Overview: A vulnerability in the Apache HTTP Server running on Win32 systems (Windows 9x/Me, Windows NT/2000/XP) could allow an attacker to execute commands with the privileges of the web server process. Description: The Apache HTTP Server is a freely available web server that runs on a variety of...

CVSS 7.5 | AI score 7 | EPSS 0.88277
Exploits: 1 | References: 7

CVE
added 2002/03/09 5:0 a.m. | 44 views

CVE-2001-0995

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. The vulnerability arises from trusting the ID parameter in requests, enabling privilege escalation to partial confidentiality/integrit...

CVSS 7.5 | AI score 7.1 | EPSS 0.00874
Exploits: 0 | References: 4 | Affected Software: 1

exploitpack
added 2002/02/11 12:0 a.m. | 19 views

EZNE.NET Ezboard 2000 - Remote Buffer Overflow

EZNE.NET Ezboard 2000 - Remote Buffer Overflow source: https://www.securityfocus.com/bid/4068/info Ezboard 2000 is a web based bulletin board system. It is available for Linux systems. A vulnerability has been reported in some versions of Ezboard. In some CGI programs, user supplied data is writt...

AI score 1
Exploits: 0

Exploit DB
added 2002/02/11 12:0 a.m. | 32 views

EZNE.NET Ezboard 2000 - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/4068/info Ezboard 2000 is a web based bulletin board system. It is available for Linux systems. A vulnerability has been reported in some versions of Ezboard. In some CGI programs, user supplied data is written to a statically sized array with a sprintf cal...

AI score 7.4
Exploits: 0

CVE
added 2002/02/02 5:0 a.m. | 49 views

CVE-2001-0958

CVE-2001-0958 affects Trend Micro InterScan eManager for NT Ver.3.51 (English) and NT Ver.3.51J. The vulnerability is a remotely exploitable buffer overflow in the eManager CGI interface, caused by long arguments to multiple DLLs (register.dll, ContentFilter.dll, SFNofitication.dll, TOP10.dll, Sp...

CVSS 7.5 | AI score 7.8 | EPSS 0.05886
Exploits: 1 | References: 4 | Affected Software: 2

NVD
added 2001/10/18 4:0 a.m. | 8 views

CVE-2001-0791

Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access...

CVSS 5 | AI score 6.7 | EPSS 0.0322
Exploits: 0 | References: 1

CVE
added 2001/09/12 4:0 a.m. | 40 views

CVE-1999-1357

CVE-1999-1357 affects Netscape Communicator 4.04–4.7 on UNIX, where 0x8b is mapped to ‘’, enabling cross-site scripting via CGI scripts that fail to filter these characters. The description does not specify affected versions beyond those, nor the root cause beyond character mapping in HTML contex...

CVSS 7.5 | AI score 6.5 | EPSS 0.01244
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2001/09/12 4:0 a.m. | 10 views

CVE-2001-0958

Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7)...

CVSS 7.5 | AI score 7.8 | EPSS 0.05886
Exploits: 1 | References: 4

AlpineLinux
added 2001/09/12 4:0 a.m. | 2 views

CVE-1999-1357

Netscape Communicator 4.04 through 4.7 and possibly other versions in various UNIX operating systems converts the 0x8b character to a "" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters...

CVSS 7.5 | AI score 6.8 | EPSS 0.01244
Exploits: 0 | References: 1

securityvulns
added 2001/06/01 12:0 a.m. | 73 views

[SNS Advisory No.28]InterScan VirusWall for NT remote configuration

SNS Advisory No.28 InterScan VirusWall for NT remote configuration Problem first discovered: Thu, 24 May 2001 Published: Thu, 31 May 2001 Last Updated: Thu, 31 May 2001 ---------------------------------------------------------------------- Overview -------- Trend Micro InterScan VirusWall for...

AI score 1.4
Exploits: 0