738 matches found
WebGais webgais CGI Arbitrary Command Execution
The 'webgais' CGI is installed. This CGI may let an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10300;...
Sambar Server dumpenv.pl Information Disclosure
CGI script 'dumpenv.pl' is installed on the remote host. This CGI gives away too much information about the web server configuration, which will help an attacker. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
O'Reilly WebSite uploader.exe Arbitrary File Upload
The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's Website product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI and then execute them. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Apple Mac OSX Server 10.0 - Overload
Apple Mac OSX Server 10.0 - Overload source: https://www.securityfocus.com/bid/306/info A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more process are concurntly doing HTTP...
Apple Mac OSX Server 10.0 - Overload
source: https://www.securityfocus.com/bid/306/info A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more process are concurntly doing HTTP GET request to a CGI script in a loo...
CVE-1999-1063
CDomain whoisraw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter...
CVE-1999-1255
Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an editfile action parameter...
CVE-1999-1155
LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...
CVE-1999-0262
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string...
CVE-1999-1179
Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands...
Info2www 1.01.1 - CGI Input Handling
Info2www 1.01.1 - CGI Input Handling source: https://www.securityfocus.com/bid/1995/info The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web...
CVE-1999-0266
The info2www CGI script allows remote file access or remote command execution...
NCSA httpd-campas 1.2 - sample script
source: https://www.securityfocus.com/bid/1975/info Campas is a sample CGI script shipped with some older versions of NCSA HTTPd, an obsolete web server package. The versions that included the script could not be determined as the server is no longer maintained, but version 1.2 of the script itse...
NCSA httpd-campas 1.2 - sample script
NCSA httpd-campas 1.2 - sample script source: https://www.securityfocus.com/bid/1975/info Campas is a sample CGI script shipped with some older versions of NCSA HTTPd, an obsolete web server package. The versions that included the script could not be determined as the server is no longer...
CVE-1999-0045
List of arbitrary files on Web host via nph-test-cgi script...
Novell NetWare Web Server 2.x - convert.bas
source: https://www.securityfocus.com/bid/2025/info Novell NetWare Web Server 2.x versions came with a CGI written in BASIC called convert.bas. This script allows retrieval of files outside of the normal web server context. This can be accomplished simply by submitting the filename and path as a...
Novell NetWare Web Server 2.x - convert.bas
Novell NetWare Web Server 2.x - convert.bas source: https://www.securityfocus.com/bid/2025/info Novell NetWare Web Server 2.x versions came with a CGI written in BASIC called convert.bas. This script allows retrieval of files outside of the normal web server context. This can be accomplished simp...
Apache 0.8.x1.0.x NCSA HTTPd 1.x - test-cgi Directory Listing
Apache 0.8.x1.0.x NCSA HTTPd 1.x - test-cgi Directory Listing source: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shel...