(SRADV00005) Remote command execution vulnerabilities in MailMan Webmail

================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...

SRADV00005.txt

================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...

Endymion MailMan 3.0.x - Arbitrary Command Execution

Endymion MailMan 3.0.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of t...

Markus Triska CGIForum 1.0 - thesection Directory Traversal

Markus Triska CGIForum 1.0 - thesection Directory Traversal source : https://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input to the...

FreeBSD-SA-00:73.thttpd

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:73 Security Advisory FreeBSD, Inc. Topic: thttpd allows remote reading of local files Category: ports Module: thttpd Announced: 2000-11-20 Credits: [email protected]...

CVE-2000-0877

mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attachfile parameter, which MailForm then sends to the attacker...

CVE-2000-0878

The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field...

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...

FreeBSD-SA-00:64.global

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:64 Security Advisory FreeBSD, Inc. Topic: global port allows remote compromise through CGI script Category: ports Module: global Announced: 2000-11-06 Credits: Shigio...

Дырка в Global

Недостаточный разбор shell-метасимволов в CGI-Скрипте позволяет выполнение команд на сервере...

CVE-2000-0687

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the catdir parameter...

CVE-2000-0696

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the fromfile parameter...

CVE-2000-0639

The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server...

CVE-2000-0063

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...

CVE-2000-0064

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters...

CVE-2000-0639

The issue affects Big Brother 1.4h2 and earlier; default configuration lacks proper access restrictions, enabling remote upload of a file via bbd that can be executed as a CGI script by the web server, allowing remote command execution. CVSS2 base impact is high (7.5). No remediation details are ...

CVE-2000-0063

CVE-2000-0063 affects the Nortel Contivity HTTP server via the cgiproc CGI script, which allows remote attackers to read arbitrary files by passing a filename parameter. This points to an uncontrolled file access flaw in the CGI handler, enabling partial confidentiality impact. The available docu...

CVE-2000-0670

The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters...

Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access

The remote host contains is running Byte's Interactive Web Shopper, a shopping cart application. The installed version allows for retrieval of arbitrary files from the web server. %NASLMINLEVEL 70300 This script was written by Thomas Reinke See the Nessus Scripts License for details Changes by...