
738 matches found

securityvulns
added 2000/05/17 12:0 a.m. | 279 views

Banner Rotation 01

Banner rotating 01. Description: "Banner rotating 01" is a cgi script distributed for free on several site builder sites, including Hot Area. The script is available on http://www.hotarea.net/web/scripts/banner01/ The cgi script offers numerous functions for those wishing to manage rotati...

6.7 AI score
Exploits: 0
NVD
added 2000/05/05 4:0 a.m. | 26 views

CVE-2000-0381

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter...

6.4 CVSS | 6.3 AI score | 0.02635 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2000/05/03 12:0 a.m. | 30 views

spin_client.cgi Remote Overflow

There is a buffer overrun in the 'spinclient.cgi' CGI program, which will allow anyone to execute arbitrary commands with the same privileges as the web server (root or nobody). (C) Tenable Network Security, Inc. Thanks to Tollef Fog Heen for his help...

5.9 AI score
Exploits: 0
Cvelist
added 2000/03/22 5:0 a.m. | 14 views

CVE-2000-0187

EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters...

7.1 AI score | 0.08532 EPSS
Exploits: 1 | References: 2
Cvelist
added 2000/03/22 5:0 a.m. | 16 views

CVE-2000-0188

EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters...

7.1 AI score | 0.03005 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2000/03/17 12:0 a.m. | 53 views

Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access

The 'sojourn.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). (C) Tenable Network Security, Inc. ...

5 CVSS | 5.4 AI score | 0.07396 EPSS
Exploits: 1 | References: 2
NVD
added 2000/02/27 5:0 a.m. | 7 views

CVE-2000-0188

EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters...

7.5 CVSS | 7.1 AI score | 0.03005 EPSS
Exploits: 1 | References: 2
NVD
added 2000/02/27 5:0 a.m. | 13 views

CVE-2000-0187

EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters...

7.5 CVSS | 7.1 AI score | 0.08532 EPSS
Exploits: 1 | References: 2
Packet Storm
added 2000/02/09 12:0 a.m. | 49 views

zeus.null.txt

This morning Zeus Technology Limited was informed of a serious security bug in the Zeus Webserver by 'The Relay Group' http://relaygroup.com. This document describes the scope of the problem and its solution. Versions affected: Zeus 3.1.x / 3.3.x. Severity: High - this bug...

7.4 AI score
Exploits: 0
exploitpack
added 2000/02/08 12:0 a.m. | 22 views

Zeus Web Server 3.x - Null Terminated Strings

source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...

7.4 AI score
Exploits: 0
Cvelist
added 2000/01/18 5:0 a.m. | 27 views

CVE-1999-0753

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...

7.2 AI score | 0.05332 EPSS
Exploits: 0 | References: 1
CVE
added 2000/01/18 5:0 a.m. | 58 views

CVE-1999-0753

CVE-1999-0753 affects the Mini SQL package via the w3-msql CGI script. The issue allows remote attackers to view restricted directories through the CGI, exposing partial confidentiality (per CVSS: Network, Low attack complexity, No authentication, Partial confidentiality/Integrity/Availability). ...

7.5 CVSS | 7.2 AI score | 0.05332 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2000/01/17 5:0 a.m. | 22 views

CVE-2000-0063

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...

5 CVSS | 6.7 AI score | 0.01359 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2000/01/09 12:0 a.m. | 26 views

Home Free search.cgi Traversal Arbitrary File Access

The remote web server contains a CGI script that fails to sanitize user input to the 'letter' parameter of the 'search.cgi' script of directory traversal sequences. An unauthenticated attacker can exploit this issue to read arbitrary files from the affected host, subject to the privileges under...

5 CVSS | 5.8 AI score | 0.05836 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2000/01/09 12:0 a.m. | 26 views

AltaVista Intranet Search CGI query Traversal Arbitrary File Access

It is possible to read the content of any files on the remote host (such as your configuration files or other sensitive data) by using the Altavista Intranet Search service, and performing the request: ...

5 CVSS | 5.5 AI score | 0.05917 EPSS
Exploits: 0 | References: 6
Packet Storm
added 2000/01/07 12:0 a.m. | 29 views

imonitor.txt

Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08. USSR Advisory Code: USSR-2000030. Release Date: January 05, 2000. Systems Affected: IMail IMONITOR PORT 8181 Server for WinNT Version 5.08 and maybe other versions. IMail Server...

7.4 AI score
Exploits: 0
Exploit DB
added 1999/12/26 12:0 a.m. | 33 views

Tony Greenwood WebWho+ 1.1 - Remote Command Execution

source: https://www.securityfocus.com/bid/892/info WebWho+ is a free cgi script written by Tony Greenwood for executing whois queries via the www. Though it does perform checks for shell escape characters on some parameters, it misses the 'type' variable and allows for malicious input to be sent ...

7.4 AI score
Exploits: 0
Exploit DB
added 1999/11/15 12:0 a.m. | 27 views

Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/802/info Certain versions of the W4-Server 32-bits personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform bounds checking on user supplied data and is vulnerable to a buffer overflow...

7.4 AI score
Exploits: 0
exploitpack
added 1999/11/05 12:0 a.m. | 239 views

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.4 AI score | 0.85205 EPSS
Exploits: 6
Exploit DB
added 1999/11/05 12:0 a.m. | 95 views

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ ...

7.5 CVSS | 6.7 AI score | 0.85205 EPSS
Exploits: 6