9775 matches found
CVE-2003-0097
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings cgi.force_redirect or --enable-force-cgi-redirect...
CVE-2002-1147
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset...
CVE-2002-1361
CVE-2002-1361 affects Sun Cobalt RaQ4 with the Security Hardening Patch (SHP) installed. The overflow.cgi CGI script did not properly filter input, allowing a POST to set the email parameter to shell metacharacters and enabling remote code execution with superuser privileges. Public sources descr...
CVE-2002-1361
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP Security Hardening Patch installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter...
CVE-2003-0097
The CVE-2003-0097 entry concerns PHP 4.3.0’s CGI module, where a flaw in force redirect handling (cgi.force_redirect or --enable-force-cgi-redirect) can allow an attacker to access arbitrary files as the PHP user and potentially execute PHP code. Public sources describe this as a by-design bypass...
CVE-2002-1156
CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
CGI bugs
No description provided...
Zeus < 3.3.5a Web Server Null Byte Request CGI Source Disclosure
Binary data 1447.prm...
PHP < 4.3.1 CGI Module File Access
Binary data 1477.prm...
cvsview2.cgi Multiple Vulnerabilities
Binary data 1650.prm...
BNBForm bnbform.cgi Automessage Arbitrary File Retrieval
Binary data 1643.prm...
Sambar testcgi.exe Default CGI Disclosure
Binary data 1579.prm...
Sambar environ.pl Default CGI Disclosure
Binary data 1578.prm...
Apache < 2.0.46 Multiple Vulnerabilities
Binary data 1443.prm...
CVE-2004-0755
The CVE concerns Ruby CGI::Session FileStore creating session files with insecure permissions, enabling local users to read session data and hijack sessions. Technical details across connected docs confirm: FileStore writes session files with improper permissions, enabling a local information lea...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
Mercantec SoftCart 4.00b - CGI Overflow (Metasploit)
Mercantec SoftCart 4.00b - CGI Overflow Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Mercantec SoftCart 4.00b CGI Overflow
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Mercantec SoftCart 4.00b - CGI Overflow (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Mercantec...