CVE-2003-1341

The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe...

CVE-2003-1510

TinyWeb 1.9 allows remote attackers to cause a denial of service CPU consumption via a ".%00." in an HTTP GET request to the cgi-bin directory...

CVE-2003-1348

Cross-site scripting XSS vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 comment, 2 name, or 3 title field...

CVE-2003-1373

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. dot dot sequences followed by NULL %00 characters in CGI parameters, as demonstrated using the lang parameter in prefs.php...

CVE-2003-1558

Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service crash and possibly execute arbitrary code via a long CGI request passed to the docgi function...

CVE-2003-1365

The escapedangerouschars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including 1 "" backslash, 2 "?", 3 "" tilde, 4 "^" carat, 5 newline, or 6 carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands...

CVE-2003-1556

Cross-site scripting XSS vulnerability in ccguestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the 1 name and 2 homepagetitle webpage title parameters...

MDaemon buffer overflow

Buffer overflow if FROM2Raw.exe CGI is used...

[Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler

Hat-Squad Security Team Advisory http://www.hat-squad.com Product: Alt-N Technologies Mdaemon Mail Server Version: MDaemon 6.85 and Below to 6.52 Vulnerability: Remote buffer overflow in Raw Message Handler Release Date: 12/29/2003 Vendor Status: Informed on 29 Dec 2003 Quick response on 29 Dec...

CGI bugs

No description provided...

SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure

The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to launch more effective attacks against the remote server. %NASLMINLEVEL 70300 This script written by Scott Shebby 12/2003 See the Nessus Scrip...

[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated httpd packages fix Apache security vulnerabilities Advisory ID: RHSA-2003:320-01 Issue date: 2003-12-16 Updated on: 2003-12-16 Product:...

Moderate: Red Hat Security Advisory: : Updated httpd packages fix Apache security vulnerabilities

Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Linux 8.0 and 9. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration fil...

CGI bugs

No description provided...

CGI bugs

No description provided...

BNCweb File Disclosure Vulnerability

BNCweb is a set of CGI scripts developed at the University of Zьrich as a user-friendly query interface to the British National Corpus. It allows linguists to retrieve lexical, grammatical and textual data from this 100 million word collection of english texts using a web browser. For more...

Foxweb foxweb.exe / foxweb.dll Long URL Remote Overflow

The foxweb.dll or foxweb.exe CGI is installed. Versions 2.5 and below of this CGI program have a remote stack buffer overflow. A remote attacker could use this to crash the web server, or possibly execute arbitrary code. Since Nessus just verified the presence of the CGI but could not check the...

Jason Maloney's CGI Guestbook Remote Command Execution Vulnerability.

-= Application =- : Jason Maloney's CGI Guestbook. http://www.aestheticsurgerycenter.com/scripts/guestbook/ -= Versions =- : 3.0 / ALL -= Risk factor =- : High -= Impact =- : Attackers could execute commands remotely. -= Vendor status =- : Vendor notified -= Date =- : 01 December, 2003 -= Credit ...

Jason Maloney's Guestbook 3.0 - Remote Command Execution

// source: https://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize sensitive script variables after...

CGI bugs

No description provided...