9775 matches found
CVE-2000-0590
CVE-2000-0590 affects the Poll It 2.0 CGI script. The vulnerability allows a remote attacker to read arbitrary files by supplying a file name in the data_dir parameter, with an example showing access to /etc/passwd. OpenVAS/Nessus entries corroborate arbitrary file access via the CGI. Remediation...
CVE-2000-0590
Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter...
CGI bugs reported by Russian teams
No description provided...
CGI bugs
No description provided...
CC GuestBook cc_guestbook.pl Multiple Parameter XSS
The remote host is running cc_guestbook.pl, a guestbook written in Perl. This CGI is vulnerable to a cross-site scripting attack. An attacker may use this flaw to steal the cookies of your users. (C) Tenable Network Security, Inc. Ref: From: "BrainRawt ." To:...
SCSA012.txt
Security Corporation Security Advisory SCSA-012 PROGRAM: Sambar Server HOMEPAGE: http://www.sambar.com/ VULNERABLE VERSIONS: 5.3 and prior DESCRIPTION "Sambar Server is the new standard in high performance multi-functional servers with features rivaling other commercial products selling separatel...
Sambar Server Multiple Script XSS
The Sambar web server comes with a set of CGIs that are vulnerable to a cross-site scripting attack. An attacker may use this flaw to steal the cookies of your web users. (C) Tenable Network Security, Inc. References: Date: 27 Mar 2003 17:26:19 -0000 From: Gregory Le Bras To:...
Sambar Server 5.x - Information Disclosure
Sambar Server 5.x - Information Disclosure source: https://www.securityfocus.com/bid/7207/info An information disclosure vulnerability has been reported for Sambar Server. The vulnerability exists in some files existing in Sambar Server's cgi-bin directory. An attacker can exploit this...
Sambar Server 5.x - Information Disclosure
source: https://www.securityfocus.com/bid/7207/info An information disclosure vulnerability has been reported for Sambar Server. The vulnerability exists in some files existing in Sambar Server's cgi-bin directory. An attacker can exploit this vulnerability by making a request for these files. Th...
DCP-Portal Multiple Script Path Disclosure
DCP-Portal discloses its physical path when an empty request to adduser.php is made. In addition, several other scripts may disclose the path if an invalid language is supplied, although Nessus has not checked for them. (C) Tenable Network Security, Inc. Ahmet Sabri ALPER To:...
SimpleChat Information Disclosure
It is possible to retrieve the list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently connected. (C) Tenable Network Security, Inc. Ref: Date: 20 Mar 2003...
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
The CGI 'ad.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). (C) Tenable Network Security, Inc. ...
CGI bugs from DWClan
13 vulnerable CGI applications are reported by DWClan...
Adcycle build.cgi Remote Password Disclosure
The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete databases. (C) Tenable Network Security, Inc. ...
Matt Wright textcounter.pl Arbitrary Command Execution
The CGI 'textcounter' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). (C) Tenable Network Security, Inc. ...
CGI bugs
No description provided...
CVE-2002-1410
The CVE-2002-1410 entry describes a vulnerability in Easy Guestbook CGI programs where administrator authentication is not performed. This permits remote attackers to directly access admin.cgi to delete entries or access config.cgi to reconfigure the Guestbook, without authentication. The connect...
EUVD-2002-1393
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi...
CVE-2002-1410
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi...
CGI bugs
No description provided...