
9775 matches found

Cvelist
added 2005/05/10 4:0 a.m. (15 views)

CVE-2003-1137

Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...

7.2 AI score | 0.06466 EPSS
Exploits: 1 | References: 4

exploitpack
added 2005/05/09 12:0 a.m. (40 views)

Easy Message Board - Remote Command Execution

Easy Message Board - Remote Command Execution source: https://www.securityfocus.com/bid/13555/info Easy Message Board is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input...

Exploits: 0

securityvulns
added 2005/05/07 12:0 a.m. (30 views)

PHP, ASP, CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...

2.2 AI score
Exploits: 0 | References: 24 | Affected Software: 19

Ubuntu
added 2005/05/06 6:4 p.m. (46 views)

USN-120-1: Apache 2 vulnerability

Luca Ercoli discovered that the "htdigest" program did not perform any bounds checking when it copied the "user" and "realm" arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the...

7.5 CVSS | 5.7 AI score | 0.12886 EPSS
Exploits: 1

securityvulns
added 2005/05/06 12:0 a.m. (28 views)

MegaBook V2.0 - Cross Site Scripting Exploit

The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook. The affected script is admin.cgi URL: http://www.yourdomain.com/yourcgidir/admin.cgi I have tested the script with the following query:...

0.3 AI score
Exploits: 0

securityvulns
added 2005/05/06 12:0 a.m. (36 views)

[EXPL] I-Mall Commerce i-mall.cgi Arbitrary Command Execution (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.5 AI score
Exploits: 0

Tenable Nessus
added 2005/05/04 12:0 a.m. (19 views)

Invision Board Multiple XSS and SQL Injection

Binary data 2879.prm...

7.5 CVSS | 7.3 AI score | 0.07777 EPSS
Exploits: 4 | References: 4

securityvulns
added 2005/05/04 12:0 a.m. (101 views)

[Full-disclosure] NIC Chile CGI Script Zone Transfers

NIC Chile CGI Script Zone Transfers. Author: Rodrigo Gutierrez rodrigo at intellicomp.cl Affected: All ".cl" domains which use NIC's Chile Secondary NS. Vendor url: http://www.nic.cl Rate: Critical Background. NIC Chile is a part of the University of Chile and is in charge of handling all the...

7 AI score
Exploits: 0

NVD
added 2005/05/02 4:0 a.m. (30 views)

CVE-2005-1344

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is...

7.5 CVSS | 9.8 AI score | 0.12886 EPSS
Exploits: 1 | References: 7

Tenable Nessus
added 2005/05/02 12:0 a.m. (37 views)

Websense Reporting Console Detection

The remote host appears to be running Websense, and connections are allowed to the web reporting console. A remote attacker could use information gathered from this access to mount further attacks. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid18177;...

5.5 AI score
Exploits: 0

securityvulns
added 2005/05/01 12:0 a.m. (22 views)

PHP, ASP, CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...

2.2 AI score
Exploits: 0 | References: 48 | Affected Software: 31

CVE
added 2005/04/28 4:0 a.m. (42 views)

CVE-2005-1355

CVE-2005-1355 affects includer.cgi in The Includer and enables remote attackers to read arbitrary files by supplying a full pathname in the argument (a directory traversal issue). The connected record for CVE-2005-0801 confirms the pattern: directory traversal via .. or a full pathname in the URL...

5 CVSS | 6.7 AI score | 0.00346 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2005/04/27 4:0 a.m. (22 views)

CVE-2005-1344

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is...

7.5 CVSS | 7.7 AI score | 0.12886 EPSS
Exploits: 1

Tenable Nessus
added 2005/04/26 12:0 a.m. (13 views)

Horde Turba Detection

The remote host is running Turba, a PHP-based addressbook / contact management utility from the Horde Project. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid18137; scriptversion"1.24"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/12";...

5.5 AI score
Exploits: 0 | References: 1

securityvulns
added 2005/04/26 12:0 a.m. (23 views)

remote command execution in inserter.cgi script

Tunis 24/04/2005 BUG found by fireboy [email protected] THERE ARE SOME BUGS IN inserter.cgi SCRIPT THAT CAN SHOW SENSIBLE FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WHICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1file showing...

1.5 AI score
Exploits: 0

CVE
added 2005/04/21 4:0 a.m. (48 views)

CVE-2001-1457

CVE-2001-1457 concerns buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5. The underlying issue is a vulnerability in handling a long HTTP_USER_AGENT CGI environment variable, allowing a remote attacker to potentially execute arbitrary code. Affected software is CrazyWWWBoard 2000 series (p4 an...

7.5 CVSS | 8.3 AI score | 0.06034 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2005/04/21 4:0 a.m. (15 views)

CVE-2001-1457

Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable...

7.9 AI score | 0.06034 EPSS
Exploits: 1 | References: 3

Gentoo Linux
added 2005/04/18 12:0 a.m. (56 views)

PHP: Multiple vulnerabilities

Background: PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description: An integer overflow and an unbound recursion were discovered in the...

7.5 CVSS | 7.1 AI score | 0.06096 EPSS
Exploits: 1

Packet Storm
added 2005/04/18 12:0 a.m. (25 views)

includer10.pl.txt

Target - The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.pl 127.0.0.1 /cgi-bin/ "ls -la"\n"; print " incl10.pl 127.0.0.1 / "uname -a"\n"; print " incl10.pl...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2005/04/15 12:0 a.m. (25 views)

Serendipity Detection

Serendipity, a PHP-based blog application, is running on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid18054; scriptversion"1.19"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Serendipity Detection";...

5.4 AI score
Exploits: 0 | References: 1