9775 matches found
CVE-2002-1592
CVE-2002-1592 affects Apache HTTP Server 2.0 through 2.0.35. When a CGI application encounters an error, ap_log_rerror may send error messages to the client that include the server’s full path, enabling information disclosure. The provided sources confirm the affected range and the leakage of int...
NewsScript newsscript.pl mode Parameter Privilege Escalation
The remote host is running a version of NewsScript.co.uk's NewsScript that allows a remote attacker to bypass authentication simply by setting the 'mode' parameter to 'admin', thereby allowing him to add, delete, or modify news stories and headlines at will. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2005-0689
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in 1 the URL or 2 the template parameter...
The Includer CGI <= 1.0 Remote Command Execution
Exploit for cgi platform in category web applications ================================================ The Includer CGI = 1.0 Remote Command Execution ================================================ Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.:...
The Includer CGI <= 1.0 Remote Command Execution
No description provided by source. Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.: www.host-vulnerable.com/includer.cgi?template=|id| milw0rm.com 2005-03-07...
The Includer CGI 1.0 - Remote Command Execution (1)
The Includer CGI 1.0 - Remote Command Execution 1 Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.: www.host-vulnerable.com/includer.cgi?template=|id| milw0rm.com 2005-03-07...
vBulletin Detection
The remote host is running vBulletin, a commercial web-based message forum application written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17282; scriptversion"1.17"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/08/10";...
The Includer CGI 1.0 - Remote Command Execution (1)
Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.: www.host-vulnerable.com/includer.cgi?template=|id| milw0rm.com 2005-03-07...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, crossite scripting, etc...
CVE-2004-0983
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...
CVE-2004-0983
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities
SIG^2 Vulnerability Research Advisory RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities by Tan Chew Keong Release Date: 01 Mar 2005 ADVISORY URL http://www.security.org.sg/vuln/raidenhttpd1132.html SUMMARY RaidenHTTPD Server http://www.raidenhttpd.com/en/index.html is a...
CERN httpd CGI Name Handling Remote Overflow
The remote web server stopped responding after sending it a GET request for a CGI script with a arbitrary long file name. This is known to trigger a heap overflow in some servers like CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on t...
PHP/ASP/CGI web applications security bugs
PHP inclusions, SQL injections, directory traversals, crossite scripting, spam sending, etc...
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure
source: https://www.securityfocus.com/bid/12723/info Multiple browsers are reported prone to an information disclosure weakness. This issue can allow an attacker to determine information such as the location of files, file names and user names on a vulnerable computer. Information gathered throug...
Opera 7.xFirefox 1.0Internet Explorer 6.0 - Information Disclosure
Opera 7.xFirefox 1.0Internet Explorer 6.0 - Information Disclosure source: https://www.securityfocus.com/bid/12723/info Multiple browsers are reported prone to an information disclosure weakness. This issue can allow an attacker to determine information such as the location of files, file names a...
lighttpd script source code leak
It's possible to retrieve CGI script source code...
GLSA-200502-21 : lighttpd: Script source disclosure
The remote host is affected by the vulnerability described in GLSA-200502-21 lighttpd: Script source disclosure lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent as-is. By appending %00 to the filename, yo...
HP-UX PHSS_28705 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)
s700800 11.X OV NNM6.2 Intermediate Patch, Feb 2003 : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. CERT VU825353, CVE CAN-2002-0839 Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. CERT VU240329...
lighttpd < 1.3.8 Null Byte Request CGI Script Source Code Disclosure
According to its banner, the version of lighttpd running on the remote host is prior to 1.3.8. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this vulnerability, by requesting a CGI script that is appended by a '%00', to read...