Ourspace 2.0.9 (uploadmedia.cgi) Remote File Upload Vulnerability
Exploit for cgi platform in category web applications. Ourspace 2.0.9 uploadmedia.cgi Remote File Upload Vulnerability. Discover...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...
CVE-2007-3417
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...
CVE-2007-3364
Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content...
PT-2007-4294 · Salescart · Salescart Shopping Cart
Name of the Vulnerable Software and Affected Versions: SalesCart Shopping Cart (affected versions not specified). Description: The issue concerns SQL injection vulnerabilities in the cgi-bin/reorder2.asp file of SalesCart Shopping Cart, allowing remote attackers to execute arbitrary SQL commands via...
CVE-2006-7189
CVE-2006-7189 describes a cross-site scripting (XSS) vulnerability in the web-app.net WebAPP product, specifically in the shell path CGI-bin/admin/logs.cgi, prior to version 20060403. The flaw allows remote attackers to inject arbitrary web script or HTML through unspecified vectors related to th...
The administrator account under Windows 2000 is really insecure - vulnerability warning - the black bar safety net
If you have an ordinary user account, there is a very simple method to get the NT Administrator account. One: first, under c:\winnt\system32, logon.scr is renamed to logon.old as a backup. Then usrmgr.exe is renamed to logon.scr. Then restart; logon.scr is loaded at startup of the...
Teaching you methods to retrieve Windows NT Admin rights - vulnerability warning - the black bar safety net
One: by modifying the registry. Users who have logged on to the NT machine, for example IUSRmachine, have read and write permissions on the HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Run item, and the user can access this item remotely. For example, he can create a bat file, the...
Apache for Windows script source code leak
It's possible to access script code if cgi-bin is within DocumentRoot...
D-Link Access-Point <= 2.10na (DWL Series) Config Disclosure Vuln
No description provided by source. ADVISORY/0206 - D-Link Wireless Access-Point DWL-2100ap INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORY http://www.intruders.com.br/ , http://www.intruders.org.br/ Making a HTTP request to the /cgi-bin/ directory, the Web server will return error 404 Page not...
CVE-2006-2003
The CVE-2006-2003 entry concerns a cross-site scripting (XSS) vulnerability in the Community Architect Guestbook, specifically in the cgi-bin/guest component. The issue allows remote attackers to inject arbitrary script/HTML when signing the guestbook, with the malicious content subsequently rend...
CVE-2006-1427
CVE-2006-1427 involves multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier. The affected component is the web application’s CGI interfaces, specifically cgi-bin/index.cgi (parameters: action, id, num, board, cat, real, viewcat, img, curcatname) and /mods/calendar/i...
CVE-2006-1427
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in...
MS Windows IIS Malformed HTTP Request Denial of Service Exploit (pl)
Exploit for unknown platform in category dos / poc. MS Windows IIS Malformed HTTP Request Denial of Service Exploit pl. !/usr/bin/perl really bored kokanin / IIS...
formmail.pl
The 'formmail.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). OpenVAS Vulnerability Test $Id: formmailpl.nasl 6703 2017-07-12 13:57:25Z cfischer $ Description: formmail.pl Authors: Mathieu...
ddicgi.exe vulnerability
The file ddicgi.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit. SPDX-FileCopyrightText: 2003 John Lampe. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Windows Apache information leak
It's possible to retrieve a file from the CGI-BIN directory by typing the directory name in uppercase: http://127.0.0.1/CGI-BIN/chat.pl...
CVE-2005-2849
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (digdevice.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdumpdevice.cgi) or (3) modify files in the...
pservBad.txt
Advisory: Pico Server pServ Remote Command Injection. RedTeam found a remote command injection in Pico Server pServ which results in a remote attacker being able to issue arbitrary commands on the server. Details: Product: Pico Server pServ Affected Version: 3.2verified, From...
CVE-2000-1225
CVE-2000-1225 affects Xitami 2.5b where the installer places testcgi.exe by default in the cgi-bin. Accessing this program can disclose sensitive web server configuration information to remote attackers. The accompanying metrics indicate a network-exposed, low-complexity vector with partial confi...