766 matches found
ViRobot Advanced Server 2.0 - addschup Remote Cookie
#!/usr/bin/perl ViRobot 2.0 remote cookie exploit - ala addschup copyright Kevin Finisterre kflistsatdigitalmunitiondotcom jdam:/home/kfinisterre ls -al /var/spool/cron/root ls: /var/spool/cron/root: No such file or directory...
pserv 3.2 - Directory Traversal
source: https://www.securityfocus.com/bid/13642/info pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the...
[Full-disclosure] Pico Server (pServ) Remote Command Injection
Advisory: Pico Server pServ Remote Command Injection RedTeam found a remote command injection in Pico Server pServ which results in a remote attacker being able to issue arbitrary commands on the server. Details ======= Product: Pico Server pServ Affected Version: 3.2 (verified), =3.2 probably too...
[Full-disclosure] Pico Server (pServ) Information Disclosure Of CGI Sources
Advisory: Pico Server pServ Information Disclosure Of CGI Sources RedTeam found an Information Disclosure vulnerability in Pico Server pServ which gives an attacker the ability to read all files from cgi-bin. Details ======= Product: Pico Server pServ Affected Version: 3.2 (verified), =3.2 probably t...
pserv 3.2 - Directory Traversal
source: https://www.securityfocus.com/bid/13642/info pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the cgi-bin directory, it is possib...
PServ 3.2 - Source Code Disclosure
source: https://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory. Information gathered through this attack could b...
TinyWeb Executable code leak
By using /./ it's possible to access files from /cgi-bin...
[NT] TinyWeb Script Disclosure Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure
source: https://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web...
GoAhead script source leak
It's possible to obtain the content of .asp or cgi-bin files by adding special characters to the filename...
CVE-2003-1510
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory...
SCSA012.txt
Security Corporation Security Advisory SCSA-012 PROGRAM: Sambar Server HOMEPAGE: http://www.sambar.com/ VULNERABLE VERSIONS: 5.3 and prior DESCRIPTION "Sambar Server is the new standard in high performance multi-functional servers with features rivaling other commercial products selling separatel...
Sambar Server 5.x - Information Disclosure
source: https://www.securityfocus.com/bid/7207/info An information disclosure vulnerability has been reported for Sambar Server. The vulnerability exists in some files existing in Sambar Server's cgi-bin directory. An attacker can exploit this...
Sambar Server 5.x - Information Disclosure
source: https://www.securityfocus.com/bid/7207/info An information disclosure vulnerability has been reported for Sambar Server. The vulnerability exists in some files existing in Sambar Server's cgi-bin directory. An attacker can exploit this vulnerability by making a request for these files. Th...
Apache 2.x leaked descriptors
Hello, I noticed a problem with apache 2.x back in October and contacted the apache security team with the problem. They've had about 4 months to do something with the problem but haven't seen fit to fix it yet. The last time I tried to status their progress no one replied to my query. I was...
Apache 2.0 - Encoded Backslash Directory Traversal
source: https://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this include Windows, OS2, and Netware. The issue is...
CVE-2002-0099
CVE-2002-0099 affects Michael Lamont Savant Web Server 3.0. A buffer overflow occurs when handling a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of dots, allowing remote attackers to cause a denial of service (crash). The available public refer...
Unauthorized access via xitami (privilege escalation)
The administrator password is stored in a world-readable file. The web server itself runs with root privileges. An administrator can change the location of cgi-bin, gaining access with root privileges...
store.cgi.txt
Hi comrades: I write about a vulnerability in /cgi-bin/Store/store.cgi -- This is part of a software that Key to the web http://www.keyweb.com uses for her "e-commerce solutions". In her page you can find a list of possible webs with this vulnerability but you must be faster because can be early...
Lotus Domino vulnerable to a denial of service via DOS device request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial-of-service situation on the Windows and OS/2 Platforms. Description With the Lotus Domino Web Server, you can access DOS-devices. If this is done through the cgi-bin directory, a ncgihttp.exe process wi...