9775 matches found
CVE-2003-0217
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script...
php-proxima autohtml.php Arbitrary File Retrieval
The remote host is running php-proxima, a website portal. There is a flaw in this version that allows an attacker to read arbitrary files on the remote host. (C) Tenable Network Security, Inc. Ref: From: "Mind Warper" To: [email protected] Date: Thu, 15 May 2003 01:43:40...
CGI bugs
No description provided...
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
The remote host has the CGI 'counter.php' installed. This CGI contains a flaw that can be abused by an attacker to overwrite arbitrary files on the system with the privileges of the web server. (C) Tenable Network Security, Inc. Ref:...
Ceilidh testcgi.exe query Parameter XSS
The remote host has a CGI called 'testcgi.exe' installed under /cgi-bin that is vulnerable to a cross-site scripting issue. (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11610); script_version("1.26");...
HappyMall Multiple Script Arbitrary Command Execution
There is a flaw in HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon (typically root or nobody), by making a request like: /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...
CGI bugs
No description provided...
CGI bugs
No description provided...
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
The remote host includes a CGI (/cgi-bin/readfile.tcl) which allows anyone to read arbitrary files on the remote host with the privileges of the HTTP daemon (typically 'nobody'). (C) Tenable Network Security, Inc. Ref: From: Jonas Eriksson mailto:[email protected] Date: 23/04/2003 To:...
ANHTTPd.txt
Product Description AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...
CGI bugs
No description provided...
CGI bugs
No description provided...
HP Instant TopTools hpnst.exe CGI DoS
The remote host has the CGI 'hpnst.exe' installed. Older versions of this CGI (pre 5.55) are vulnerable to a denial of service attack where the user can make the CGI request itself. (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc');...
CGI bugs
No description provided...
Apache 2.0.x < 2.0.45 Multiple Vulnerabilities (DoS, File Write)
The remote host is running a version of Apache 2.0.x that is prior to 2.0.45. It is, therefore, reportedly affected by multiple vulnerabilities: - There is a denial of service attack that could allow an attacker to disable this server remotely. - The httpd process leaks file descriptors to child...
CVE-2002-0488
The vulnerability CVE-2002-0488 affects Linux Directory Penguin traceroute.pl CGI script version 1.0. A flaw in the traceroute.pl CGI allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter, enabling remote code execution. This assessment is supported by P...
CVE-2002-0599
Blahz-DNS 0.2 and earlier is affected by CVE-2002-0599. The vulnerability allows remote attackers to bypass authentication and modify DNS configuration by directly requesting CGI programs (e.g., dostuff.php) instead of using the login screen. Affected component is the authentication/config flow; ...
CVE-2002-0290
Netwin WebNews WebNews.cgi (Webnews.exe) version 1.1 is affected by a buffer overflow when processing a long group argument in the WebNews CGI, allowing remote attackers to execute arbitrary code. The issue is described across CVE-2002-0290 records (NVD/Nessus/OpenVAS) with a base CVSS v2 score o...
CVE-2002-0488
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter...
CVE-2002-0947
CVE-2002-0947 describes a buffer overflow in the rwcgi60 CGI program used by Oracle Reports Server 6.0.8.18.0 and earlier (Oracle9iAS and other products). The vulnerability allows a remote attacker to execute arbitrary code via a long database name parameter. The Oracle RWCGI60 component handles ...