738 matches found
Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL
Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain priviledged system information. Description The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named "ChipCfg". Using a specially crafted url, an attacker can...
CVE-1999-1154
LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...
CVE-1999-1155
LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...
CVE-1999-1179
CVE-1999-1179 describes a vulnerability in the included man.sh CGI script from SysAdmin Magazine (May 1998) that allows remote attackers to execute arbitrary commands. The NVD notes a CVSSv2 base score of 7.5 (HIGH) with AV:N/AC:L/Au:N/C:P/I:P/A:P. The entry lists no exploitation status and provi...
CVE-1999-1179
Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands...
CVE-1999-1063
CDomain whoisraw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter...
CVE-1999-1153
CVE-1999-1153 affects HAMcards Postcard CGI script 1.0. The vulnerability allows remote attackers to execute arbitrary commands by supplying shell metacharacters in the recipient email address, enabling potentially partial confidentiality, integrity, and availability impact. The CVSS score (2.0) ...
CVE-1999-1154
The CVE-1999-1154 entry concerns the LakeWeb Filemail CGI script. The vulnerability arises when a recipient email address can include shell metacharacters, enabling remote command execution via the CGI script. The issue is rooted in improper handling of email input in the CGI component, with a ne...
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
The CGI 'book.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10721; scriptversion"1.27";...
Omnicron OmniHTTPd 2.0.7 - File Corruption Command Execution
Omnicron OmniHTTPd 2.0.7 - File Corruption Command Execution source: https://www.securityfocus.com/bid/2211/info OmniHTTPD is a compact Windows based web server by Omnicron Technologies. OmniHTTPD has various features including multiple domain support, keep-alive connections, supports virtual IP...
multiple vulnerabilities in un-cgi
I recently found a number of vulnerabilities in the CGI wrapper program uncgi'. I was amazed to find out this was never reported before at least; the archives don't show it. Description ----------- Un-CGI is a little program that parses options in i.e. QUERYSTRING and starts a CGI script. Since a...
Tarantella Enterprise 3 3.x - 'TTAWebTop.cgi' Arbitrary File Viewing
source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script included with the Tarantella,...
Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation
Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly...
Sean MacGuire Big Brother 1.0/1.3/1.4 - CGI File Creation
source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. ./bb 1.2.3.4...
mimanet source viewer 2.0 - Directory Traversal
mimanet source viewer 2.0 - Directory Traversal source: https://www.securityfocus.com/bid/2762/info MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server. Source Viewer accepts an argument, 'loc', which it uses a...
A1Stats Multiple Script Traversal Arbitrary File Access
The 'aldisp.cgi' CGI script was found on this system. This script allows an attacker to view any file on the target computer by making a specially crafted GET request. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
CGI - nph-maillist.pl vulnerability...
Hello BuGReaders... Script: nph-maillist.plcgi Introduction: cat from source .................................................................... Created by: Matt Tourtillott URL: www.marketrends.net email [email protected] The email list generator is a web interfaced script that allows the...
nph-maillist 3.03.5 - Arbitrary Code Execution
nph-maillist 3.03.5 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the...
nph-maillist 3.0/3.5 - Arbitrary Code Execution
source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form, and then force a mailing which wil...
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
The 'ustorekeeper.pl' CGI script installed on the remote host allows an attacker to read arbitrary files subject to the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...