CVE-2002-0436

sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...

Apache Web Server ap_log_rerror() function discloses full path to CGI script

Overview There is a vulnerability in Apache 2.0 through 2.035 that could disclose the real path to a CGI script or other file. Description A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log: Security Added the APLOGTOCLIENT flag to...

Buffer overflow in Oracle 9iAS Reports Server

Buffer overflow in CGI script...

CVE-2002-0489

Linux Directory Penguin NsLookup CGI script nslookup.pl 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the 1 query or 2 type parameters...

CVE-2002-0489

CVE-2002-0489 affects the Linux Directory Penguin NsLookup CGI script (nslookup.pl) version 1.0. It allows remote code execution via shell metacharacters in the (1) query or (2) type parameters. The NVD record assigns a base score of 10.0 (HIGH) with network attack vector, low complexity, no auth...

CVE-2002-0436

sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...

AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation

The AlienForm CGI script allows an attacker to view any file on the target computer, append arbitrary data to an existing file, and write arbitrary data to a new file. The AlienForm CGI script is installed as either af.cgi or alienform.cgi. %NASLMINLEVEL 70300 This script was written by Andrew...

MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access

The 'mrtg.cgi' script is part of the MRTG traffic visualization application. A vulnerability exists in this script that allows an attacker to view the first line of any file on the system. %NASLMINLEVEL 70300 This script was written by H D Moore Script audit and contributions from Carmichael...

CGIScript.net - csPassword.cgi 1.0 Information Disclosure

CGIScript.net - csPassword.cgi 1.0 Information Disclosure source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by...

Apache Httpd < 2.0.36 : Warning messages could be displayed to users

In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...

CVE-2002-0266

The connected documents confirm CVE-2002-0266 affects Thunderstone Texis CGI scripts, enabling unauthenticated remote disclosure of the web root path by requesting a nonexistent file, with error messages revealing the full pathname. No fix/version remediation details are provided in the supplied ...

CVE-2002-0266

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...

vqServer 1.9.x - CGI Demo Program Script Injection

source: https://www.securityfocus.com/bid/4573/info vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included with vqServer suffer from script injection issues,...

vqServer 1.9.x - CGI Demo Program Script Injection

vqServer 1.9.x - CGI Demo Program Script Injection source: https://www.securityfocus.com/bid/4573/info vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included...

FileSeek cgi script advisory

Best to read is the online version: http://www.dsinet.org/textfiles/advisories/FileSeek-advisory.txt ------------------------------ FileSeek cgi script Advisory ------------------------------ FileSeek.cgi / FileSeek2.cgi 16/04/2002 - by Thijs Bosschert [email protected]...

FileSeek - CGI Script File Disclosure

source: https://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server. FileSeek.cgi and FileSeek2.cgi are prone...

FileSeek CGI Script - Remote Command Execution

FileSeek CGI Script - Remote Command Execution source: https://www.securityfocus.com/bid/6783/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web...

FileSeek CGI Script - Remote Command Execution

source: https://www.securityfocus.com/bid/6783/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server. It has been reported that FileSeek.cgi a...

CGIscript.net - csSearch.cgi - Remote Code Execution &#40;up to 17,000 sites vulnerable&#41;

CGIscript.net - csSearch.cgi - Remote Code Execution up to 17,000 sites vulnerable --------------------------------------------------------------------- Name : csSearch.cgi - Remote Code Execution Date : March 25, 2002 Product : csSearch Version : 2.3 vulnerable Vuln Type : Access Validation Erro...

Solaris 7.08 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution

Solaris 7.08 Sunsolve CD - SSCDSunCourier.pl CGI Script Arbitrary Command Execution source: https://www.securityfocus.com/bid/4269/info The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI scri...