9775 matches found
Multiple Dangerous CGI Script Detection
It is possible that the remote web server contains one or more dangerous CGI scripts. Note that this plugin does not actually test for the underlying flaws but instead only searches for scripts with the same name as those with known vulnerabilities. %NASLMINLEVEL 70300 This script was written by...
lednews.txt
XSS Vulnerability in LedNews CGI/Perl v0.7 URL: http://www.ledscripts.com/index.php?page=free:perl:lednews Description ======= LedNews is a CGI application written entirely in perl. Its designed to be as simple as possible, but very powerful at the same thing. Vulnerability ======== The script do...
CVE-2003-0217
Cross-site scripting XSS vulnerability in Neoteris Instant Virtual Extranet IVE 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script...
Infinity CGI Exploit Scanner Multiple Vulnerabilities
The remote is running Infinity Exploit Scanner, a web-based CGI vulnerability scanner implemented in perl and stored under the name 'nph-exploitscanget.cgi'. There is a flaw in this CGI that lets an attacker execute arbitrary commands on this host. In addition to this, there is a flaw in this CGI...
Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting
Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting source: https://www.securityfocus.com/bid/7910/info Infinity CGI Exploit Scanner is reported to be prone to a cross-site scripting vulnerability. An attacker could exploit this issue to creating a malicious link to a site hosting the softwa...
Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/7910/info Infinity CGI Exploit Scanner is reported to be prone to a cross-site scripting vulnerability. An attacker could exploit this issue to creating a malicious link to a site hosting the software that contains hostile HTML and script code. If this li...
Behold! Software counter.exe Malformed HTTP Request Counter Log DoS
The CGI 'counter.exe' exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker may make use of this file to gain access to confidential data or escalate their privileges on the web server. %NASLMINLEVEL 70300 This script was written by John...
Netwin WebNews Webnews.exe Remote Overflow
The remote host appears to be running WebNews, which offers web-based access to Usenet news. Some versions of WebNews are prone to a buffer overflow when processing a query string with an overly-long group parameter. An attacker may be able to leverage this issue to execute arbitrary shell code o...
CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
The CSNews.cgi exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker can submit a specially crafted web form, which can display the 'setup.cgi' file that contains the superuser name and password. %NASLMINLEVEL 70300 This script was written by John...
CGI bugs
No description provided...
rot13sj.cgi Arbitrary File Access
The remote host is running the CGI 'rot13sj.cgi'. This CGI contains various flaws which may allow a user to execute arbitrary commands on this host and to read aribrary files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: http://www.geocities.com/sjefferson101010/ link is broken...
PostNuke Rating System DoS
The remote host is running PostNuke. PostNuke Phoenix 0.721, 0.722 and 0.723 allows a remote attacker causes a denial of service to legitmate users, by submitting a string to its rating system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Note: Based on the proof of concept example, NOT...
WF-Chat User Account Disclosure
The WF-Chat allows an attacker to view information about registered users by requesting the files '!nicks.txt' and '!pwds.txt'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid11688; scriptversion"1.23";...
CGI bugs
No description provided...
Bandmin 1.4 index.cgi Multiple Parameter XSS
The remote host is running the Bandmin CGI suite. There is a cross-site scripting issue in this suite that may allow an attacker to steal your users cookies. The flaw lies in the cgi bandwitdh/index.cgi %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Date: 28 May 2003 16:38:40 -0000 From:...
Bandmin 1.4 XSS Exploit
Bandmin 1.4 XSS Exploit by Silent Needle A:BACKGROUND Bandmin is a cgi script show you the bandwidth for the sites in the server. B:DESCRIPTION The cross site scripting allow you to print a html or javascript or others in the webpage when it just open not write in the page. C:EXPLOIT These are th...
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
The remote host is running Ultimate PHP Board UPB. There is a flaw in this version which may allow an attacker to execute arbitrary code on this host, by sending a malformed user-agent which contains PHP commands. Once the user-agent has been sent, it is stored in the logs. When the administrator...
CGI bugs
No description provided...
CGI bugs
No description provided...
CVE-2003-0217
CVE-2003-0217 describes a cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) up to version 3.01, where an input parameter passed to a CGI script (notably swsrv.cgi) could be exploited to hijack a user session and bypass authentication. The underlying issue is impr...