40 matches found
Adcycle build.cgi Remote Password Disclosure
The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete databases. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Matt Wright textcounter.pl Arbitrary Command Execution
The CGI 'textcounter' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...
virgil.txt
-----BEGIN PGP SIGNED MESSAGE----- - - -------------------------------------------------------------------------- KALIF research group [email protected] October 21st, 2002 Joschka Fischer - - -------------------------------------------------------------------------- - - Overview Software : Virgi...
CGI bugs
No description provided...
Lil'HTTP Pbcgi.cgi XSS Vulnerability
Recently, I reported on a vulnerability in the Urlcount.cgi script of Lil'HTTP Server Summit Computer Networks. This time, another CGI pbcgi.cgi has been found vulnerable to cross-site scripting. Some versions of this CGI will take the form input you POST/GET to it, and break it into name/e-mail...
CVE-2001-1241
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "!" and the desired program name...
Дырки в Interscan VirusWall, OfficeScan, Virus Buster (remote execution, buffer overflow)
Возможно запустить удаленно несколько CGI имеющих переполнения буфера...
Очередные дырки в CGI
No description provided...
PerlCal cal_make.pl p0 Parameter Traversal Arbitrary File Read
The 'calmake.pl' cgi is installed on the remote host. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the http daemon root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
W3.org Anaya Web sendtemp.pl 'templ' Parameter Traversal Arbitrary File Access
The 'sendtemp.pl' CGI is installed. This CGI has a well known security flaw that allows an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10614;...
SUBMISSION - multiple vulnerabilities in Prospero 1.3.5 CGI
= Warped Force Advisory = Author: darkyoda [email protected] Subject: Multiple vulnerabilities in Prospero 1.3.5 CGI Discovered: 12.15.00 Announced: 2.1.01 Vendor Status: Maintainer notified 12.27.00. New version released. Current version is 1.3.7 Platforms: Any web server capable of running...
ezmlm-cgi/ezmlm-idx-0.40 security advisory
Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....
News Publisher CGI Vulnerability
Product: News Publisher Versions: Tested v1.05, 1.05a, 1.05b and 1.06 newest OS: Unix and Winnt Vendor: Notified Web Site: www.gwscripts.com The Problem, yet again CGI authors use nested IF statements to decide what action to take upon and incoming request. This time the problem allows ppl to add...
wais.pl.advisory.txt
Wais.pl parameter passing security problem + Another fine advisory by Scrippie |============================================| Cheers to: zsh, Synnergy, phreak.nl | Lots of Love to: Maja, Hester | --- The CGI --- The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS...
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker to execute arbitrary commands with the privileges of the HTTP daemon usually root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details...
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
Excite for Webservers is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server. Versions newer than 1.1. are patched. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
IRIX webdist.cgi Arbitrary Command Execution
The 'webdist.cgi' CGI is installed. This script has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Multiple Vendor phf CGI Arbitrary Command Execution
The 'phf' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Miva htmlscript Traversal Arbitrary File Access
The 'htmlscript' cgi is installed. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the HTTP daemon root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
PHP/FI php.cgi Traversal Arbitrary File Access
'php.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10177;...