CVE-2026-28808

CVE-2026-28808 is an incorrect authorization vulnerability in Erlang OTP (inets modules). The root cause is a script_alias path mismatch where mod_auth checks DocumentRoot-relative paths while mod_cgi executes ScriptAlias-resolved paths, allowing unauthenticated access to CGI scripts protected by...

EUVD-2019-4894

Malware in sbrugna...

Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV

In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...

Oracle 9iAS allows access to CGI script source code within CGI-BIN directory

Overview Oracle 9i Application Server 9iAS allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...