CVE-2001-0432

The vulnerability CVE-2001-0432 affects Trend Micro Interscan VirusWall 3.01 through its remote administration CGI interface. Multiple CGI programs may overflow when given crafted inputs, allowing remote attackers to execute arbitrary commands. OpenVAS/Nessus entries also describe unauthenticated...

CVE-2001-0135

The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs...

Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability

Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability Jin Ho You, [email protected] 1 Discussion CrazyWWWBoardhttp://www.crazywwwboard.com is a web bulletin board program written in C/C++. Insufficient boundary checking exists in the qDecoder CGI library code which...

CVE-2000-1005

The CVE-2000-1005 entry concerns directory traversal in eXtropia WebStore CGI scripts (html_web_store.cgi and web_store.cgi). An attacker can read arbitrary files by supplying a .. (dot dot) path in the page parameter, enabling remote file disclosure. The vulnerability is evidenced by multiple so...

CVE-2000-0627

BlackBoard CourseInfo 4.0 is affected by an authentication flaw that allows local users to modify CourseInfo database information and gain privileges by directly calling supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. The provided documents do not include remediati...

CVE-2000-1204

Vulnerability in the modvhostalias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...

CVE-2000-0627

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as userupdatepasswd.pl and userupdateadmin.pl...

CVE-2000-0149

Zeus Web Server (versions 3.1.x–3.3.5) contains an information disclosure flaw where a null byte (%00) at the end of a URL allows remote attackers to view the source code of CGI scripts. Root cause: improper handling of CGI input leading to source disclosure. Impact is information exposure of CGI...

CVE-1999-0236

The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...

CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...

CVE-1999-1412

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service crash via a flood of HTTP GET requests to CGI programs, which generates a large number of processes...

WebCom datakommunikation Guestbook 0.1 - 'rguest.exe' Arbitrary File Access

source: https://www.securityfocus.com/bid/2024/info The freeware guestbook package from freeware.webcom.se provides a web-based guestbook feature, using CGI. Some versions of this guestbook undetermined at the time of writing are vulnerable to an attack allowing an intruder to retrieve the conten...

CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...