
462 matches found

NVD
added 2002/03/15 5:00 a.m. · 10 views

CVE-2002-0091

Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields...

7.5 CVSS · 7.7 AI score · 0.01014 EPSS
Exploits: 0 · References: 4
Packet Storm
added 2002/03/08 12:00 a.m. · 29 views

Xerver-2.10.txt

------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS Denial of Service Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: : Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez Thanks all...

7.4 AI score
Exploits: 0
Cvelist
added 2002/03/07 5:00 a.m. · 12 views

CVE-2002-0091

Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields...

7.7 AI score · 0.01014 EPSS
Exploits: 0 · References: 4
CVE
added 2002/03/07 5:00 a.m. · 47 views

CVE-2002-0091

CVE-2002-0091 affects CIDER SHADOW 1.5 and 1.6. The vulnerability consists of CGI scripts that allow remote execution of arbitrary commands through certain form fields due to insufficient input verification. Impact is remote code execution with the privileges of the web server process; exploitati...

7.5 CVSS · 7.7 AI score · 0.01014 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Apache Httpd
added 2002/02/13 12:00 a.m. · 24 views

Apache Httpd < 1.3.24 : Win32 Apache Remote command execution

Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...

7.5 CVSS · 6.7 AI score · 0.88277 EPSS
Exploits: 1 · Affected Software: 1
CVE
added 2002/02/02 5:00 a.m. · 38 views

CVE-2001-1024

CVE-2001-1024 : Entrust getAccess CGI scripts (e.g., login.gas.bat) are vulnerable to remote command execution via an alternate -classpath argument, allowing an attacker to run Java programs. The CVSS data indicates a Network-exposed, low complexity, no-auth exploit with Partial impact on confide...

7.5 CVSS · 7.6 AI score · 0.00763 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2002/02/02 5:00 a.m. · 20 views

CVE-2001-1024

login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument...

7.2 AI score · 0.00763 EPSS
Exploits: 1 · References: 2
securityvulns
added 2001/12/26 12:00 a.m. · 33 views

GOBBLES CGI MARATHON #003

PRODUCT AdStreamer http://www.sha-la-la.com/adstreamer/ DESCRIPTION This software have many an open call that can exploited with Perl tricks like ../, 00, |, etc. bash-2.05$ egrep 'open|system|exec|eval' .cgi addbanner.cgi: This script is apart of the Banner Manager system. It will add banners...

0.2 AI score
Exploits: 0
NVD
added 2001/11/22 5:00 a.m. · 14 views

CVE-2001-0918

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely...

5.1 CVSS · 7.7 AI score · 0.00843 EPSS
Exploits: 0 · References: 3
Cvelist
added 2001/10/12 4:00 a.m. · 18 views

CVE-2001-0795

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names...

7.6 AI score · 0.00731 EPSS
Exploits: 1 · References: 2
CVE
added 2001/10/12 4:00 a.m. · 40 views

CVE-2001-0795

Perception LiteServe 1.25 is affected by CVE-2001-0795. Remote attackers can obtain the source code of CGI scripts by requesting URLs that contain MS‑DOS conventions, such as uppercase letters or 8.3 file names. The PT-2001-1972 advisory notes a vulnerability in Perception LiteServe 1.25 and prov...

7.5 CVSS · 7.2 AI score · 0.00731 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2001/10/12 12:00 a.m. · 3 views

PT-2001-1972 · Perception · Perception Liteserve

Name of the Vulnerable Software and Affected Versions: Perception LiteServe version 1.25 Description: The issue allows remote attackers to obtain the source code of CGI scripts via URLs that contain MS-DOS conventions, such as upper case letters or 8.3 file names. Recommendations: For Perception...

7.5 CVSS · 6.6 AI score · 0.00731 EPSS
Exploits: 1 · References: 4
Cvelist
added 2001/09/12 4:00 a.m. · 13 views

CVE-1999-1278

nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl...

7.3 AI score · 0.00741 EPSS
Exploits: 0 · References: 4
CVE
added 2001/09/12 4:00 a.m. · 48 views

CVE-1999-1278

CVE-1999-1278 affects the nlog CGI scripts where the IP address argument is not properly filtered for shell metacharacters. This enables remote attackers to execute commands via two scripts: (1) nlog-smb.pl and (2) rpc-nlog.pl. The description does not provide additional details on affected versi...

7.5 CVSS · 8.2 AI score · 0.00741 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
exploitpack
added 2001/09/07 12:00 a.m. · 20 views

Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure

Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure source: https://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI script...

0.2 AI score
Exploits: 0
NVD
added 2001/07/27 4:00 a.m. · 15 views

CVE-2001-1024

login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument...

7.5 CVSS · 7.2 AI score · 0.00763 EPSS
Exploits: 1 · References: 2
CVE
added 2001/01/22 5:00 a.m. · 69 views

CVE-2000-0868

The CVE-2000-0868 issue affects Apache 1.3.12 on SuSE Linux 6.4 where the default configuration exposes CGI script source code. The vulnerability arises because /cgi-bin/ requests can be rewritten to /cgi-bin-sdb/, which is an Alias of /cgi-bin, enabling remote attackers to disclose source code o...

5 CVSS · 6.8 AI score · 0.08808 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2000/10/13 4:00 a.m. · 54 views

CVE-2000-0521

Savant web server vulnerability CVE-2000-0521 allows remote disclosure of CGI source by requesting the original CGI form. The OpenVAS NASL description: “Savant original form CGI access” states that attackers can download the unprocessed CGI, exposing sensitive information stored inside those scri...

5 CVSS · 6.8 AI score · 0.08197 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2000/10/13 4:00 a.m. · 11 views

CVE-2000-0521

Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...

6.8 AI score · 0.08197 EPSS
Exploits: 0 · References: 3
Cvelist
added 2000/09/21 4:00 a.m. · 17 views

CVE-2000-0696

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...

6.7 AI score · 0.09058 EPSS
Exploits: 1 · References: 5