CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...

iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read

The 'hsx.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescripti...

phf CGI Script fails to guard against newline characters

Overview This document describes a vulnerability in a CGI script known as phf which was widely exploited in 1996 and 1997. Description The phf CGI script constructs a partial command line consisting of the ph command and appropriate arguments, and completes the command line based on the input fro...

CVE-2000-0878

The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field...

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...

CVE-2000-0912

The CVE-2000-0912 entry concerns the MultiHTML CGI script (multihtml.pl). Affected component: the multihtml.pl CGI. The underlying issue is a traversal/file-access vulnerability where the attacker can specify the file name via the multi parameter, enabling reading of arbitrary files on the remote...

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...

CVE-2000-0287

The CVE-2000-0287 vulnerability affects BizDB’s web database integration product, specifically the Perl CGI script bizdb-search.cgi. The flaw arises when the dbname parameter is passed to an unchecked open() call, allowing remote attackers to execute commands at the webserver’s privilege level by...

CVE-2000-0944

The CVE-2000-0944 issue affects CGI Script Center News Update 1.1. The vulnerability is in the password change flow where the original news administration password is not properly validated, enabling remote attackers to modify the password without knowing the original. Impact is unauthenticated r...

CVE-2000-0944

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...

CVE-2000-0912

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter...

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...

CVE-2000-1176

Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. dot dot attack in the "catsearch" form field...

Informix webdriver CGI Unauthenticated Database Access

The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...

eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution

eXtropia bbsforum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly...

CVE-2000-0924

Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. dot dot attack in the "catigory" parameter...

CVE-2000-0912

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter...

CVE-2000-0944

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...

CVE-2000-1176

CVE-2000-1176 describes a directory-traversal vulnerability in YaBB’s search.pl CGI script, permitting remote attackers to read arbitrary files by abusing a .. (dot dot) input in the catsearch form field. The issue is documented for YaBB SE configurations, including references to older plugins th...