103 matches found
Очередные дырки в CGI
No description provided...
Очередные дырки в CGI
No description provided...
Очередные дырки в CGI
Возможность получть любой файл через обратный путь в директориях...
Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access
The 'ttawebtop.cgi' CGI is installed. The installed version is affected by multiple flaws : - It is possible to read arbitrary files from the remote system by including directory traversal strings in the request. - It may be possible for an attacker to execute arbitrary commands with the privileg...
Очередные дырки в CGI
Обратный путь в директориях...
Очередные дырки в CGI
No description provided...
Очередные дырки в CGI
Обратный путь в директориях, открытые на чтение пароли...
Очередные дырки в CGI
Недостаточная проверка ввода пользователя при вызове внешней программы...
Дырки в CGI Iconboard
Обратный путь в директориях в сочетании с ошибкой NULL-byte позволяет получить содержимое любого файла...
Очередные дырки в CGI
Некорректные файловые разрешения...
Очередные дырки в CGI
No description provided...
Очередные дырки в CGI
Недостаточная проверка ввода пользователя приводит к различным неприятным последствиям...
Poll It CGI 2.0 - Multiple Vulnerabilities
!/usr/bin/perl Poll It CGI v2.0 exploit keelis/havoc korp 2000 shouts to modjo, p, zen, kd, ab, all the script kiddies. keelisathushmaildotcom use Socket; $host, $cgiloc = @ARGV0,1; $ip=inetaton$host; print"\n\t+--- Poll It CGI v2.0 exploit ---+"; print"\n\t+--- keelis/havoc korp 2000 ---+\n\n\n"...
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
The remote web server is hosting eXtropia WebStore, a shopping cart application. The installed version allows an attacker to read arbitrary files via a .. dot dot attack on the page parameter. %NASLMINLEVEL 70300 This script was written by Thomas Reinke See the Nessus Scripts License for details...
Unsafe passing of variables to mailform.pl in MailForm V2.0
Title: Unsafe passing of variables to mailform.pl in MailForm V2.0 For Unix or NT Advisory Author: Karl Hanmore [email protected] Script URL: http://rlaj.com/scripts/mailform Script Author: Ranson Johnson Advisory Released: 11 September 2000 Vendor notified: [email protected] 05 Sept...
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
The 'bigconf' CGI is installed. This CGI has a well-known security flaw that allows an attacker to execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities // source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files...
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities
// source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files outside of normal or safe webserver practice. This results in various...
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
The remote web server is an AN-HTTPD server which contains default CGI scripts. At least one of these CGIs is installed on the remote server : cgi-bin/test.bat cgi-bin/input.bat cgi-bin/input2.bat ssi/envout.bat It is possible to misuse them to make the remote server execute arbitrary commands...
www-cgi-vulner.txt
Date: Mon, 9 Nov 1998 18:26:05 -0600 From: xnec To: [email protected] Subject: Several new CGI vulnerabilities INFO: After looking over the perl-CGI scripts on www.cgi-resources.com, I've discovered vulnerabilities in the following: 1. HAMcards Postcard script v1.0 Beta 2 www.hamnetcenter.com ...