730 matches found
CVE-1999-0753
The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...
nsover.txt
http://www.rootshell.com/ From [email protected] Wed Oct 21 18:00:09 1998 Date: Wed, 21 Oct 1998 19:23:45 -0500 From: Mr. Nothing To: [email protected] Subject: Netscape Buffer Overflow Here is a buffer overflow exploit for Netscape on x86 Linux. It can be activated remotely by the followi...
msie4.width.000.txt
Jim Paris http://home.jtan.com/jim/bugs/ie/width.html Internet Explorer 4.x "width=000..." bug Some versions of Microsoft Internet Explorer will crash when given a long "width=" or "height=" string in an image tag under the correct circumstances. In most cases, IE will stop parsing the "width="...
Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution
source: https://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire. Via the web...
Oracle Webserver PL/SQL Stored Procedure GET Request DoS
It was possible to make the remote web server crash by supplying an overly long argument to the CGI /ews-bin/fnord. An attacker may use this flaw to prevent your customers from accessing your website. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc...
IRIX wrap CGI Traversal Arbitrary Directory Listing
The 'wrap' CGI is installed. This CGI allows anyone to get a listing for any directory with mode +755. Note that not all implementations of 'wrap' are vulnerable...
WebGais webgais CGI Arbitrary Command Execution
The 'webgais' CGI is installed. This CGI may let an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody)...
CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution
The remote host appears to be using the CdomainFree 'whois_raw.cgi' script. This CGI script allows an attacker to view any file on the target computer, as well as to execute arbitrary commands...
Xylogics Annex Terminal Service ping CGI Program DoS
It was possible to crash the remote Annex terminal by connecting to the HTTP port, and requesting the '/ping' CGI script with an argument that is too long. For example: http://www.example.com/ping?query=AAAAA...AAAAA ...
O'Reilly WebSite uploader.exe Arbitrary File Upload
The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's Website product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI and then execute them...
Sambar Server dumpenv.pl Information Disclosure
CGI script 'dumpenv.pl' is installed on the remote host. This CGI gives away too much information about the web server configuration, which will help an attacker...
NCSA Campas cgi-bin Arbitrary Command Execution
The remote web server appears to be NCSA httpd. This version of the web server comes with a sample CGI script, campas, that fails to properly sanitize user input. This could allow a remote attacker to execute arbitrary commands with the privileges of the web server...
Multiple Vendor test-cgi Arbitrary File Access
The remote web server contains the 'test-cgi' test script, which is included by default with some web servers. The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERY_STRING', before echoing it back as part of a shell script. An...
NCSA HTTPd nph-test-cgi Arbitrary Directory Listing
The remote web server contains the 'nph-test-cgi' test script, which is included by default with some web servers. The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERY_STRING', before echoing it back as part of a shell script. An...
Apple Mac OSX Server 10.0 - Overload
source: https://www.securityfocus.com/bid/306/info A vulnerability in the MacOS X Server may crash it while under heavy load. The vulnerability appears while stress testing a server running the Apache web server and 32 or more processes are concurrently doing HTTP GET request to a CGI script in a loo...
CVE-1999-1063
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter...
CVE-1999-1255
Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an editfile action parameter...
CVE-1999-1155
LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...