@stake Advisory: SuSE Apache CGI Source Code Viewing (A090700-2)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com www.cerberus-infosec.co.uk Security Advisory Release Date: 09/07/2000 Application: Apache 1.3.9/12 Platform: SuSE Linux 6.3 and 6.4 Severity: An attacker can gain access to source code of CGI scripts. As such they may be...
Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way. This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or...
Security Bulletin (MS00-057)
Microsoft Security Bulletin MS00-057 -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Internet...
Computer Software Manufaktur Alibaba 2.0 - Piped Command
Computer Software Manufaktur Alibaba 2.0 - Piped Command source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine...
alibaba.txt
Application: Alibaba 2.0 Problem Type: Multiple Problems3 Author: Prizm Platforms: Windows 95/98/NT Vendor Status: Not Informed Vendor Website: http://csm.alcyonis.fr Product Description ------------------- Alibaba is a fully functional http server for windows 95/98/NT. It supports cgi among many...
Computer Software Manufaktur Alibaba 2.0 - Piped Command
source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine. http://victim/cgi-bin/post32.exe|echo%20c:\text.txt...
CVE-2000-0639
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server...
MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
MDMA Advisory 5 by Andrew Lewis aka. Wizdumb Reading of CGI Scripts under Savant Webserver It is possible to view the source of CGI scripts running under the Savant Webserver by omitting the HTTP version from your request. For example, we connect to port 80 of the server and type "GET...
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
CMD.EXE overflow (CISADV000420)
Cerberus Information Security Advisory CISADV000420 http://www.cerberus-infosec.co.uk/advisories.html Released : 20th April 2000 Name : CMD.EXE overflow Affected Systems : Windows NT/2000 Issue : See details Author : David Litchfield [email protected] Description The Cerberus Security Team...
CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution
CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution source: https://www.securityfocus.com/bid/1104/info BizDB is a web database integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefor...
Sambar Server 4.2 Beta 7 - Batch CGI
source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with...
Sambar Server 4.2 Beta 7 - Batch CGI
Sambar Server 4.2 Beta 7 - Batch CGI source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any vali...
ultimatebb.txt
Hello. Writing cgi scripts in perl is simple. It's also rather safe, providing authors follow very simple instructions. But they don't. Browsing some site, I found that their forums were based not on home-made scripts, but rather commercial software product. Hey, said I to myself, remember those...
Zeus Web Server 3.x - Null Terminated Strings
source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in directories which are designated as executable eg...
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...
CVE-1999-0947
AN-HTTPd server is affected by a remote command execution risk due to default CGI scripts test.bat, input.bat, input2.bat, and ssi/envout.bat that allow shell metacharacters. Exploitation would enable an attacker to run arbitrary commands on the remote host. The vulnerability details are drawn fr...
AN-HTTPd 1.2b - CGI s
source: https://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. http://www.xxx.yy/cgi-bin/input.bat?|dir....\windows...
macos.x.server.cgi.txt
Date: Thu, 3 Jun 1999 19:35:58 +0200 From: Juergen Schmidt To: [email protected] Subject: MacOS X system panic with CGI Hello all, when doing performance tests with different web servers, I found, that MacOS X Server running apache crashed under medium load, when I was calling CGI-scripts. It...