13 matches found
EUVD-2001-1222
Malware in sbrugna...
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: Tue, 23 Dec 2003 20:27:51 +0800 From: DrPonidi Haryanto Subject:...
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
The CGI 'ad.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Adcycle build.cgi Remote Password Disclosure
The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete databases. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Matt Wright textcounter.pl Arbitrary Command Execution
The CGI 'textcounter' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read
The 'calmake.pl' cgi is installed on the remote host. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the http daemon root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
W3.org Anaya Web sendtemp.pl 'templ' Parameter Traversal Arbitrary File Access
The 'sendtemp.pl' CGI is installed. This CGI has a well known security flaw that allows an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10614;...
wais.pl.advisory.txt
Wais.pl parameter passing security problem + Another fine advisory by Scrippie |============================================| Cheers to: zsh, Synnergy, phreak.nl | Lots of Love to: Maja, Hester | --- The CGI --- The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS...
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker to execute arbitrary commands with the privileges of the HTTP daemon usually root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details...
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
Excite for Webservers is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server. Versions newer than 1.1. are patched. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Multiple Vendor phf CGI Arbitrary Command Execution
The 'phf' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
PHP/FI php.cgi Traversal Arbitrary File Access
'php.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10177;...
IRIX webdist.cgi Arbitrary Command Execution
The 'webdist.cgi' CGI is installed. This script has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...