730 matches found

Exploit DB
added 2002/03/11 12:0 a.m. | 33 views

Solaris 7.0/8 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution

source: https://www.securityfocus.com/bid/4269/info The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI script included with the CD does not adequately sanitize input. Due to a design failure...

7.4 AI score
Exploits 0
CVE
added 2002/03/09 5:0 a.m. | 53 views

CVE-2001-1010

CVE-2001-1010 affects Sambar Server’s pagecount CGI script (located at /session/pagecount). The vulnerability arises because the page parameter is not validated against directory traversal (".."), enabling a remote attacker to overwrite arbitrary files on the filesystem. The root cause is lack of...

5 CVSS | 6.7 AI score | 0.05053 EPSS
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2002/03/09 5:0 a.m. | 15 views

CVE-2001-1010

Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. dot dot attack on the page parameter...

6.7 AI score | 0.05053 EPSS
Exploits 1 | References 4
CERT
added 2002/02/27 12:0 a.m. | 15 views

Oracle 9iAS allows access to CGI script source code within CGI-BIN directory

Overview: Oracle 9i Application Server 9iAS allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description: The default Apache configuration file i...

6.5 AI score
Exploits 0 | References 2
securityvulns
added 2002/02/06 12:0 a.m. | 32 views

Mrtg Path Disclosure Vulnerability (Revised)

/This is Mrtg Web Frontend 14all.cgi bug. You may find the revised security announcement below/ Mrtg/RRD 14all.cgi Path Disclosure Vulnerability Type: Input Validation Error Release Date: February 4, 2002 Product / Vendor: 14all.cgi is a CGI script to...

6.8 AI score
Exploits 0
securityvulns
added 2002/02/04 12:0 a.m. | 31 views

new advisory

---=== UkR Security Team advisory ===--- Name : MRTG CGI script "show files" Vulnerability About : The Multi Router Traffic Grapher MRTG is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing GIF images which provide a LIVE visual representation of this traff...

7.1 AI score
Exploits 0
Tenable Nessus
added 2002/01/17 12:0 a.m. | 39 views

zml.cgi Directory Traversal

ZML.cgi is vulnerable to a directory traversal attack. It enables a remote attacker to view any file on the computer with the privileges of the cgi/httpd user. This script was written by Drew Hintz http://guh.nu It is based on scripts written by Renaud Deraison and HD Moore Se...

5 CVSS | 5.5 AI score | 0.04669 EPSS
Exploits 1 | References 2
CVE
added 2001/11/22 5:0 a.m. | 53 views

CVE-2001-0849

Viralator vulnerability (CVE-2001-0849) affects Viralator 0.9pre1 and earlier, where the CGI (viralator.cgi) insecurely passes a file URL to wget, enabling remote code execution with the web server’s privileges. OpenVAS findings confirm a command execution path via the Viralator CGI, with remedia...

7.5 CVSS | 7.7 AI score | 0.01983 EPSS
Exploits 0 | References 4 | Affected Software 1
exploitpack
added 2001/10/25 12:0 a.m. | 26 views

iBill Management Script - Weak Hard-Coded Password

iBill Management Script - Weak Hard-Coded Password source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default...

0.2 AI score
Exploits 0
Exploit DB
added 2001/10/19 12:0 a.m. | 43 views

Mountain Network Systems WebCart 8.4 - Command Execution

source: https://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by the script. WebCart exploit Spawn bash style Shell with...

7.4 AI score
Exploits 0
NVD
added 2001/10/18 4:0 a.m. | 13 views

CVE-2001-0795

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names...

7.5 CVSS | 7.6 AI score | 0.00731 EPSS
Exploits 1 | References 2
CVE
added 2001/09/18 4:0 a.m. | 58 views

CVE-2000-0877

CVE-2000-0877 concerns the MailForm 2.0 product, specifically the mailform.pl CGI script. The vulnerability allows remote attackers to read arbitrary files by supplying a filename in the XX-attach_file parameter, which MailForm then sends to the attacker. The issue directly concerns the confident...

5 CVSS | 7.1 AI score | 0.00791 EPSS
Exploits 0 | References 3 | Affected Software 1
CERT
added 2001/09/14 12:0 a.m. | 23 views

Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL

Overview: An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain privileged system information. Description: The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named "ChipCfg". Using a specially crafted url, an attacker can...

5 CVSS | 5.8 AI score | 0.02484 EPSS
Exploits 4 | References 2
CVE
added 2001/09/12 4:0 a.m. | 43 views

CVE-1999-1154

The CVE-1999-1154 entry concerns the LakeWeb Filemail CGI script. The vulnerability arises when a recipient email address can include shell metacharacters, enabling remote command execution via the CGI script. The issue is rooted in improper handling of email input in the CGI component, with a ne...

7.5 CVSS | 8.5 AI score | 0.02795 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2001/09/12 4:0 a.m. | 13 views

CVE-1999-1179

Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands...

7.5 AI score | 0.0083 EPSS
Exploits 0 | References 1
CVE
added 2001/09/12 4:0 a.m. | 38 views

CVE-1999-1153

CVE-1999-1153 affects HAMcards Postcard CGI script 1.0. The vulnerability allows remote attackers to execute arbitrary commands by supplying shell metacharacters in the recipient email address, enabling potentially partial confidentiality, integrity, and availability impact. The CVSS score (2.0) ...

7.5 CVSS | 8.5 AI score | 0.02164 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2001/09/12 4:0 a.m. | 11 views

CVE-1999-1155

LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...

7.7 AI score | 0.02795 EPSS
Exploits 1 | References 3
Cvelist
added 2001/09/12 4:0 a.m. | 12 views

CVE-1999-1154

LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...

7.7 AI score | 0.02795 EPSS
Exploits 1 | References 3
CVE
added 2001/09/12 4:0 a.m. | 37 views

CVE-1999-1179

CVE-1999-1179 describes a vulnerability in the included man.sh CGI script from SysAdmin Magazine (May 1998) that allows remote attackers to execute arbitrary commands. The NVD notes a CVSSv2 base score of 7.5 (HIGH) with AV:N/AC:L/Au:N/C:P/I:P/A:P. The entry lists no exploitation status and provi...

7.5 CVSS | 8.2 AI score | 0.0083 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2001/09/12 4:0 a.m. | 13 views

CVE-1999-1063

CDomain whoisraw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter...

7.6 AI score | 0.04425 EPSS
Exploits 1 | References 3