UseModWiki wiki.pl XSS

The remote host is using UseModWiki, a wiki CGI written in Perl. The CGI 'wiki.pl' is vulnerable to a cross-site-scripting issue that may allow attackers to steal the cookies of third parties. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)

Exploit for unknown platform in category web applications ============================================================== phpBB param"atak"; $serv = $CGI-param"serv"; $dir = $CGI-param"dir"; $topic = $CGI-param"topic"; $cmd = $CGI-param"cmd"; print...

phpBB 2.0.10 - Remote Command Execution (CGI)

!/usr/bin/perl wphpbb.cgi hack service: http://site/cgi-bin/wphpbb.cgi use CGI qw:standard; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"; $serv = $CGI-param"serv"; $dir = $CGI-param"dir"; $topic = $CGI-param"topic"; $cmd = $CGI-param"cmd"; print...

Debian DSA-033-1 : analog - buffer overflow

The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form...

CVE-2002-1361

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP Security Hardening Patch installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter...

CVE-2002-1361

CVE-2002-1361 affects Sun Cobalt RaQ4 with the Security Hardening Patch (SHP) installed. The overflow.cgi CGI script did not properly filter input, allowing a POST to set the email parameter to shell metacharacters and enabling remote code execution with superuser privileges. Public sources descr...

CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

CVE-2002-1156

CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...

CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

Apache < 2.0.46 Multiple Vulnerabilities

Binary data 1443.prm...

CGI Script Path Disclosure

Binary data 1540.prm...

GoScript go.cgi Arbitrary Command Execution

The remote host is running GoScript. The installed version fails to properly sanitize user-supplied input to the 'go.cgi' script. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

page.txt

Script affected: page.cgi - content/template merging CGI Author: Andrew Kilpatrick We can execute arbitrary commands with same id of the webserver: http://www.vulnerable.com/page.cgi?url=.html|id| Thanks : Infektion Group irc.phey.net -j infektion...

SandSurfer < 1.7.1 XSS

The remote host is running SandSurfer, a web-based time keeping application. A vulnerability has been disclosed in all versions of this software, up to version 1.7.0 included which may allow an attacker to use it to perform cross-site scripting attacks against third-party users. %NASLMINLEVEL 703...

CVE-2003-0992

CVE-2003-0992 is a documented cross-site scripting vulnerability in Mailman’s create CGI script, exploitable to steal cookies of other users. Affected versions are Mailman 2.1.x before 2.1.3; the issue is fixed in later releases (e.g., patches included in 2.1.3 and newer). The linked OpenVAS/Ness...

SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure

The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to launch more effective attacks against the remote server. %NASLMINLEVEL 70300 This script written by Scott Shebby 12/2003 See the Nessus Scrip...

[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated httpd packages fix Apache security vulnerabilities Advisory ID: RHSA-2003:320-01 Issue date: 2003-12-16 Updated on: 2003-12-16 Product:...

Moderate: Red Hat Security Advisory: : Updated httpd packages fix Apache security vulnerabilities

Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Linux 8.0 and 9. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration fil...

CVE-2003-1137

Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...

lednews.txt

XSS Vulnerability in LedNews CGI/Perl v0.7 URL: http://www.ledscripts.com/index.php?page=free:perl:lednews Description ======= LedNews is a CGI application written entirely in perl. Its designed to be as simple as possible, but very powerful at the same thing. Vulnerability ======== The script do...