58 matches found

Cvelist
added 2001/01/22 5:00 a.m., 24 views

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...

6.8 AI score, 0.44717 EPSS
Exploits: 0, References: 4

Cvelist
added 2001/01/22 5:00 a.m., 19 views

CVE-2000-0878

The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field...

7.5 AI score, 0.02165 EPSS
Exploits: 0, References: 3

Cvelist
added 2001/01/22 5:00 a.m., 23 views

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...

6.7 AI score, 0.09276 EPSS
Exploits: 1, References: 5

NVD
added 2001/01/09 5:00 a.m., 27 views

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...

6.4 CVSS, 6.7 AI score, 0.09276 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2001/01/08 12:00 a.m., 27 views

Informix webdriver CGI Unauthenticated Database Access

The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...

5.6 AI score
Exploits: 0, References: 2

Cvelist
added 2000/10/13 4:00 a.m., 25 views

CVE-2000-0063

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...

6.7 AI score, 0.01359 EPSS
Exploits: 0, References: 1

securityvulns
added 2000/10/06 12:00 a.m., 46 views

Hole in thttpd (ssi CGI file retrieval)

By using an absolute path in the ssi CGI script, it is possible to access any readable file on the system...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 1

exploitpack
added 2000/10/02 12:00 a.m., 17 views

Moreover CGI script - File Disclosure

Source: https://www.securityfocus.com/bid/1762/info
The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for...

7.3 AI score
Exploits: 0

Exploit DB
added 2000/08/30 12:00 a.m., 29 views

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

Source: https://www.securityfocus.com/bid/1645/info
CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable...

7 AI score
Exploits: 0

Cvelist
added 2000/03/22 5:00 a.m., 14 views

CVE-2000-0187

EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...

7.1 AI score, 0.08532 EPSS
Exploits: 1, References: 2

exploitpack
added 2000/02/08 12:00 a.m., 22 views

Zeus Web Server 3.x - Null Terminated Strings

Source: https://www.securityfocus.com/bid/977/info
Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2000/01/09 12:00 a.m., 26 views

AltaVista Intranet Search CGI query Traversal Arbitrary File Access

It is possible to read the content of any file on the remote host, such as your configuration files or other sensitive data, by using the AltaVista Intranet Search service and performing the request: ...

5 CVSS, 5.5 AI score, 0.05917 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2000/01/09 12:00 a.m., 26 views

Home Free search.cgi Traversal Arbitrary File Access

The remote web server contains a CGI script that fails to sanitize user input to the 'letter' parameter of the 'search.cgi' script of directory traversal sequences. An unauthenticated attacker can exploit this issue to read arbitrary files from the affected host, subject to the privileges under...

5 CVSS, 5.8 AI score, 0.05836 EPSS
Exploits: 0, References: 2

Exploit DB
added 1999/11/15 12:00 a.m., 27 views

Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Remote Buffer Overflow

Source: https://www.securityfocus.com/bid/802/info
Certain versions of the W4-Server 32-bits personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform bounds checking on user supplied data and is vulnerable to a buffer overflow...

7.4 AI score
Exploits: 0

Tenable Nessus
added 1999/06/22 12:00 a.m., 87 views

CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution

The remote host appears to be using the CdomainFree 'whois_raw.cgi' script. This CGI script allows an attacker to view any file on the target computer, as well as to execute arbitrary commands...

10 CVSS, 6 AI score, 0.12557 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 1999/06/22 12:00 a.m., 57 views

O'Reilly WebSite uploader.exe Arbitrary File Upload

The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's WebSite product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI scripts and then execute them...

7.5 CVSS, 5.6 AI score, 0.01996 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 1999/06/22 12:00 a.m., 50 views

IRIX wrap CGI Traversal Arbitrary Directory Listing

The 'wrap' CGI is installed. This CGI allows anyone to get a listing for any directory with mode +755. Note that not all implementations of 'wrap' are vulnerable...

7.5 CVSS, 5.4 AI score, 0.02748 EPSS
Exploits: 0, References: 2

exploitpack
added 1996/07/03 12:00 a.m., 13 views

Novell NetWare Web Server 2.x - convert.bas

Source: https://www.securityfocus.com/bid/2025/info
Novell NetWare Web Server 2.x versions came with a CGI written in BASIC called convert.bas. This script allows retrieval of files outside of the normal web server context. This can be accomplished simp...

0.2 AI score
Exploits: 0