328 matches found
BadBlue invalid null byte vulnerability
It was possible to read the content of /EXT.INI BadBlue configuration file by sending an invalid GET request. A cracker may exploit this vulnerability to steal the passwords. OpenVAS Vulnerability Test $Id: badbluenullbyte.nasl 7175 2017-09-18 11:55:15Z cfischer $ Description: BadBlue invalid nul...
E-Shopping Cart Arbitrary Command Execution (WebDiscount)
The eShop WebDiscount CGI is installed. A security problem in this CGI allows anyone to execute arbitrary commands with the privileges of the web server. SPDX-FileCopyrightText: 2001 Noam Rathaus SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced...
readmsg.php detection
/base/webmail/readmsg.php was detected. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.11073");...
CVE-2002-2113
CVE-2002-2113 concerns AGH HTMLsearch 1.0. The vulnerability resides in the CGI script search.cgi, where the template parameter can be tainted to pass shell metacharacters. This enables a remote attacker to execute arbitrary commands on the affected system. The available documents consistently de...
CVE-2002-1753
csNewsPro.cgi in CGIScript.net csNews Professional csNewsPro allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
NewsScript newsscript.pl mode Parameter Privilege Escalation
The remote host is running a version of NewsScript.co.uk's NewsScript that allows a remote attacker to bypass authentication simply by setting the 'mode' parameter to 'admin', thereby allowing him to add, delete, or modify news stories and headlines at will. %NASL_MIN_LEVEL 70300 (C) Tenable Network...
CVE-2005-0111
Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter...
FreeBSD : ruby -- CGI DoS (171)
The following package needs to be updated: ruby-1.7.0 %NASL_MIN_LEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgd656296b33ff11d9a9e70001020eed82.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
USN-20-1: Ruby CGI module vulnerability
The Ruby developers discovered a potential Denial of Service vulnerability in the CGI module cgi.rb. Specially crafted CGI requests could cause an infinite loop in the server process. Repetitive attacks could use most of the available processor resources, exhaust the number of allowed parallel...
CVE-2002-1147
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the devicereset...
Sambar environ.pl Default CGI Disclosure
Binary data 1578.prm...
Sambar testcgi.exe Default CGI Disclosure
Binary data 1579.prm...
FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)
According to a Debian Security Advisory : Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...
jPortal print.inc.php id Parameter SQL Injection
The remote host appears to be running the jPortal CGI suite. There is a SQL injection vulnerability in the 'id' parameter of print.php. A remote attacker could exploit this to execute arbitrary SQL queries, which could be used to gain administrative access to this host. %NASL_MIN_LEVEL 70300 (C)...
ASP Portal User Profile XSS
The remote host is running the ASP Portal CGI suite. There is a cross-site scripting issue in this suite that may allow an attacker to steal your users' cookies. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(12057);...
Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow
The foxweb.dll or foxweb.exe CGI is installed. Versions 2.5 and below of this CGI program have a remote stack buffer overflow. A remote attacker could use this to crash the web server, or possibly execute arbitrary code. Since Nessus just verified the presence of the CGI but could not check the...
Jason Maloney's Guestbook 3.0 - Remote Command Execution
// source: https://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize sensitive script variables after...
Psunami.CGI Command Execution
The remote host is hosting Psunami.CGI. There is a flaw in this CGI which allows an attacker to execute arbitrary commands with the privileges of the HTTP server by making a request like : /psunami.cgi?action=board&board=1&topic=|id| %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
CC GuestBook cc_guestbook.pl Multiple Parameter XSS
The remote host is running ccguestbook.pl, a guestbook written in Perl. This CGI is vulnerable to a cross-site scripting attack. An attacker may use this flaw to steal the cookies of your users. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. Ref: From: "BrainRawt ." To:...