Дырка в thttpd (ssi CGI file retrieval)

Исполользуя абсолютный путь в Cgi-скрипте ssi можно получить доступ к любому открытому файлу в системе...

thttpd ssi Servlet Encoded Traversal Arbitrary File Access

The version of thttpd running on the remote host comes with a CGI script, 'ssi', that fails to completely sanitize its PATHTRANSLATED argument of encoded directory sequences. An unauthenticated, remote attacker can use this issue to read arbitrary files on the remote host, subject to the privileg...

Moreover CGI script - File Disclosure

Moreover CGI script - File Disclosure source: https://www.securityfocus.com/bid/1762/info The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for...

Moreover CGI script - File Disclosure

source: https://www.securityfocus.com/bid/1762/info The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for display in the browser, fails to adequatel...

Дырка в HP Openview Network Node Manager

Можно вызвать переполнение буфера в CGI-скрипте требующем авторизованного доступа...

Unixware 7.0 - SCOhelp HTTP Server Format String

Unixware 7.0 - SCOhelp HTTP Server Format String source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided fo...

Unixware 7.0 - SCOhelp HTTP Server Format String

source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose has a vulnerability that could all...

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier is affected by a traversal flaw that lets remote attackers read arbitrary files through a .. attack in the fromfile parameter. Affected product: Auction Weaver LITE (1.0–1.04) per historical advisories; impact is remote file disclosure. Patch available: ...

CVE-2000-0696

The CVE-2000-0696 entry concerns the dwhttpd web server’s administration interface in Solaris AnswerBook2 . The vulnerability arises because the admin interface does not properly authenticate requests to its supporting CGI scripts, enabling a remote attacker to add user accounts by directly invok...

CVE-2000-0687

CVE-2000-0687 affects Auction Weaver CGI script LITE (1.0–1.04). A directory traversal flaw in the catdir parameter allows remote attackers to read arbitrary files. The vulnerability is remotely exploitable and was reported for UNIX and Windows NT platforms. The issue arises in versions 1.0 throu...

YaBB YaBB.pl num Parameter Traversal Arbitrary File Access

The 'YaBB.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution

The 'calendaradmin.pl' CGI is installed. This CGI has a well known security flaw that allows a remote attacker to execute commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable...

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system...

Simple Web Counter swc ctr Parameter Remote Overflow

The CGI 'swc' Simple Web Counter is present and vulnerable to a buffer overflow when issued a too long value to the 'ctr=' argument. An attacker may use this flaw to gain a shell on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script audit and contributions from Carmichael...

htgrep hdr Parameter Arbitrary File access

The 'htgrep' cgi is installed. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration 1 source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full...

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (2)

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration 2 source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a...

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (1)

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration 1 source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a...

CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)

source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:...