730 matches found
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
The CGI 'book.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10721; scriptversion"1.27";...
Omnicron OmniHTTPd 2.0.7 - File Corruption Command Execution
Omnicron OmniHTTPd 2.0.7 - File Corruption Command Execution source: https://www.securityfocus.com/bid/2211/info OmniHTTPD is a compact Windows based web server by Omnicron Technologies. OmniHTTPD has various features including multiple domain support, keep-alive connections, supports virtual IP...
multiple vulnerabilities in un-cgi
I recently found a number of vulnerabilities in the CGI wrapper program uncgi'. I was amazed to find out this was never reported before at least; the archives don't show it. Description ----------- Un-CGI is a little program that parses options in i.e. QUERYSTRING and starts a CGI script. Since a...
Tarantella Enterprise 3 3.x - 'TTAWebTop.cgi' Arbitrary File Viewing
source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script included with the Tarantella,...
Sean MacGuire Big Brother 1.0/1.3/1.4 - CGI File Creation
source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. ./bb 1.2.3.4...
Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation
Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly...
mimanet source viewer 2.0 - Directory Traversal
mimanet source viewer 2.0 - Directory Traversal source: https://www.securityfocus.com/bid/2762/info MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server. Source Viewer accepts an argument, 'loc', which it uses a...
A1Stats Multiple Script Traversal Arbitrary File Access
The 'aldisp.cgi' CGI script was found on this system. This script allows an attacker to view any file on the target computer by making a specially crafted GET request. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
CGI - nph-maillist.pl vulnerability...
Hello BuGReaders... Script: nph-maillist.plcgi Introduction: cat from source .................................................................... Created by: Matt Tourtillott URL: www.marketrends.net email [email protected] The email list generator is a web interfaced script that allows the...
nph-maillist 3.03.5 - Arbitrary Code Execution
nph-maillist 3.03.5 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the...
nph-maillist 3.0/3.5 - Arbitrary Code Execution
source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form, and then force a mailing which wil...
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
The 'ustorekeeper.pl' CGI script installed on the remote host allows an attacker to read arbitrary files subject to the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access
The 'store.cgi' cgi is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10639;...
Free Online Dictionary of Computing 1.0 - Remote File Viewing
Free Online Dictionary of Computing 1.0 - Remote File Viewing source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and...
Free Online Dictionary of Computing 1.0 - Remote File Viewing
source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as...
CGI - mailnews.cgi vulnerability...
Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author dont parse some characters and he use very stupid "password protection". We can add or delete users from maillist...
WebSPIRS webspirs.cgi Traversal Arbitrary File Access
The remote host is running WebSPIRS, SilverPlatter's Information Retrieval System for the web. The installed version of WebSPIRS has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 This script...
Bajie WebServer 0.78/0.90 - Remote Command Execution
source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These uploaded scripts are placed in known destination...
Bajie WebServer 0.780.90 - Remote Command Execution
Bajie WebServer 0.780.90 - Remote Command Execution source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These...
Security advisory for analog
SECURITY ADVISORY 13th February 2001 ---------------------------------------------------------------------- Program: analog logfile analysis program Versions: all versions except 4.16 and 4.90beta3 Operating systems: all ---------------------------------------------------------------------- There...