PALS Library System WebPALS 1.0 pals-cgi Traversal Arbitrary File Read

No description provided by source. source: http://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root...

Sambar Server pagecount CGI Traversal Arbitrary File Overwrite

By default, there is a pagecount script with Sambar Web Server located at http://sambarserver/session/pagecount This counter writes its temporary files in c:\sambardirectory\tmp. It allows to overwrite any files on the filesystem since the 'page' parameter is not checked against '../../' attacks...

Multiple Vendor view_source CGI Traversal Arbitrary File Access

The 'viewsource' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik...