9775 matches found
PayPal Store Front index.php page Parameter Remote File Inclusion (deprecated)
It is possible to make the remote host include PHP files hosted on a third-party server using the PayPal Store Front CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. The plugin was...
CGI bugs
No description provided...
CGI.pm vulnerable to Cross-site Scripting
Overview: A vulnerability in the Common Gateway Interface CGI Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description: The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers su...
Apache Httpd < 2.0.48 : CGI output information leak
A bug in mod_cgid's handling of CGI redirect paths can result in CGI output going to the wrong client when a threaded MPM is used...
EORF2003-04: sbox path disclosure problem
EightOne Research Facility. EORF2003-04 security advisory. Title: sbox has a information disclosure problems. Author: Julio "e2fsck" Cesar. Vendor: http://stein.cshl.org/WWW/software/sbox. Versions: sbox 1.04 and later. Date: 18 Sep 2003 1...
Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
The remote host appears to be running a version of Apache 2.0.x prior to 2.0.48. It is, therefore, affected by multiple vulnerabilities: - The mod_rewrite and mod_alias modules fail to handle regular expressions containing more than 9 captures, resulting in a buffer overflow. - A vulnerability may...
SBox 1.0.4 - Full Path Disclosure
Source: https://www.securityfocus.com/bid/8705/info. sbox has been reported prone to a path disclosure vulnerability. The issue has been reported to present itself when an HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an...
SCO Internet Manager privilege escalation
It's possible to spoof authentication data locally for a suid CGI application...
CVE-2003-0709
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...
CVE-2003-0632
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL...
DEBIAN-CVE-2003-0615
Cross-site scripting (XSS) vulnerability in start_form of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter...
Stellar Docs Malformed Query Path Disclosure
The remote host is running StellarDocs. There is a flaw in this system which may allow an attacker to obtain the physical path of the remote installation of StellarDocs. `%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('compat.inc'); if (description) script_id(11817); script_version("1.21");...`