Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)

A flaw was discovered in modssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...

CVE-2005-3094

Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter...

Alkalay.Net Multiple Scripts Arbitrary Command Execution

The remote host appears to be running at least one CGI script written by Avi Alkalay that allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

man2web Multiple Scripts Arbitrary Command Execution

The remote host appears to be running man2web, a program for dynamically converting unix man pages to HTML. The installed version of man2web allows attackers to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable...

man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)

Exploit for cgi platform in category web applications =================================================================== man2web include include include include void usagechar argv0 fprintfstderr, "x86/linux multipie man2web cgi-scripts remote command spawn\n"; fprintfstderr, "researched by...

Community Link Pro login.cgi file Parameter Arbitrary Command Execution

The remote host is running Community Link Pro, a web-based application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'login.cgi' script of shell metacharacters before using it to run a command. An unauthenticated attacker can...

FreeBSD : awstats -- remote command execution vulnerability (0f5a2b4d-694b-11d9-a9e7-0001020eed82)

An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server. The problem specifically exists when the application is running as a CGI script on a web server. The...

SiteMinder 5.5 Multiple Script XSS

The remote host is running SiteMinder, an access-management solution from Netegrity / Computer Associates. The installed version of SiteMinder suffers from several cross-site scripting flaws in its 'smpwservicescgi.exe' and 'login.fcc' scripts. An attacker can exploit these flaws to inject...

CGI-Club imTRBBS 1.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/14091/info imTRBBS is affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'imtrbbs.cgi' script that will be executed in the context of the Web server...

CVE-2002-1986

Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...

CVE-2002-1850

The CVE-2002-1850 issue affects Apache’s mod_cgi in versions 2.0.39 and 2.0.40. A CGI script that writes a large amount of data to stderr can trigger a read/write deadlock between httpd and the CGI script, allowing local users and possibly remote attackers to cause a denial of service (hang and m...

CVE-2002-1854

Rlaj whois CGI script whois.cgi 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field...

CVE-2002-1850

modcgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service hang and memory consumption by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...

CVE-2002-1854

Technical details about CVE-2002-1854 are not publicly available in the provided connected documents. The record repeats the domain-name shell metacharacter vulnerability in whois.cgi, but no product/vendor/version or fix is disclosed here. Monitor for updates.

K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution

The remote host is running K-COLLECT csv-database, a web application written in perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'csvdb.cgi' script before using it to run a shell command. An unauthenticated can exploit this issue to execute...

CVE-2002-1751

csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

ViRobot Linux Server addschup Multiple Overflows

The remote host is running ViRobot Linux Server, a commercial anti- virus product for Linux. According to its banner, the installed version of ViRobot Linux Server suffers from a remote buffer overflow vulnerability in its web-based management interface. By passing specially crafted data through...

Listserv < 14.3-2005a Multiple Vulnerabilities

According to its version number, the Listserv web interface on the remote host suffers from several critical and as-yet unspecified vulnerabilities. An attacker may be able to exploit these flaws to execute arbitrary code on the affected system or allow remote denial of service. %NASLMINLEVEL 703...

SqWebMail redirect Parameter CRLF Injected XSS

The remote host is running a version of SqWebMail that does not properly sanitize user-supplied input through the 'redirect' parameter. An attacker can exploit this flaw to inject arbitrary HTML and script code into a user's browser to be executed within the context of the affected website. Such...

Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (2)

Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow 2 // source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm...