730 matches found
Moreover CGI script 0 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1762/info The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for display ...
mimanet source viewer 2.0 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2762/info MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server. Source Viewer accepts an argument, 'loc', which it uses as the filename...
PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and passwor...
FileSeek CGI Script File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from The CGI/Perl Cookbook from John Wiley & Sons. The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server...
Free Online Dictionary of Computing 1.0 - Remote File Viewing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called The Free Online Dictionary of Computing. Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files...
Network Security Wizards Dragon-Fire IDS 1.0 Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system...
Apple Mac OS X Server 10.0 Overload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/306/info A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more process are concurntly doing HTTP GE...
AWStats (6.1-6.2) configdir Remote Command Execution
No description provided by source. $Id: awstatsconfigdirexec.rb 7970 2009-12-26 03:31:20Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
CGI Script Center Account Manager 1.0 LITE / PRO Administrative Password Alteration (2)
No description provided by source. source: http://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST...
QuickTime Streaming Server parse_xml.cgi Remote Execution
No description provided by source. $Id: qtssparsexmlexec.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
HappyMall E-Commerce Software 4.3/4.4 Member_HTML.CGI Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7530/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the memberhtml.cgi script. This could lead to attacks against system...
DCForum 6.0 - Remote Admin Privilege Compromise Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges an...
Cobalt RaQ4 Administrative Interface Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6326/info The RaQ4 is a server appliance distributed and maintained by Sun Microsystems. A vulnerability has been reported in the web administration interface of the RaQ4. It is possible for a remote attacker to execute...
man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)
No description provided by source. / str0ke@server:$ ./test some.edu w /cgi-bin/man2web 80 1 /str0ke / / dl-mancgi.c v0.2 x86/linux multipie man2web cgi-scripts remote command spawn found and coded by tracewar darklogic team for educaional purposes only. greetz goes to: matan peretz, ofer shaked,...
eXtropia bbs_forum.cgi 1.0 - Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly validate user-supplied...
Excite for Web Servers 1.1 Administrative Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 EWS is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world readable and world...
CGI Script Center Account Manager 1.0 LITE / PRO Administrative Password Alteration (1)
No description provided by source. source: http://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST...
MDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Buffer Overflow
No description provided by source. $Id: mdaemonworldclientform2raw.rb 9653 2010-07-01 23:33:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4...
Sitebuilder 1.4 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-suppli...