smb2www Unspecified Arbitrary Remote Command Execution

The remote host is running smb2www - a SMB to WWW gateway. There is a flaw in the version of this CGI which allows anyone to execute arbitrary commands on this host by sending a malformed argument to smbshr.pl, one of the components of this solution. %NASLMINLEVEL 70300 C Tenable Network Security...

Microsoft IIS fpcount.exe CGI Remote Overflow

Nessus detected the 'fpcount.exe' CGI on the remote web server. Some versions of this CGI have a remote buffer overflow vulnerability. A remote attacker could exploit it to crash the web server, or possibly execute arbitrary code. Nessus did not actually check for this flaw, but solely relied on...

Wordit Logbook logbook.pl file Parameter Arbitrary File Access

The WordIt 'logbook.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets anyone read arbitrary files on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid1136...

Upload Lite upload.cgi Arbitrary File Upload

The Upload Lite upload.cgi CGI script is installed. This script has a well-known security flaw that lets anyone upload arbitrary files on the remote web server. Note that Nessus did not test whether uploads are possible, only that the script exists. %NASLMINLEVEL 70300 C Tenable Network Security,...

Simple File Manager Directory / Filename XSS

The remote Simple File Manager CGI fm.php improperly validates the names of the directories entered and created by the user. As a result, a user could generate a cross-site scripting attack on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access

Cross-Referencing Linux appaers to be installed on the remote host. There is a directory traversal vulnerability in the 'v' parameter of the 'source' CGI. A remote attacker could exploit this to read arbitrary files on the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CGI bugs

No description provided...

WebWho+ whois.pl time Parameter Arbitrary Command Execution

The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

PHP-Ping index.php pingto Parameter Arbitrary Code Execution

It is possible to make the remote host execute arbitrary DOS commands using the CGI phpping. An attacker may use this flaw to gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Message-ID: From: "Gregory Le Bras | Security Corporation" To...

CVE-2003-0097

Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings cgi.forceredirect or --enable-force-cgi-redirect...

CGI bugs

No description provided...

CGI bugs

No description provided...

Apache descriptor leakage

Few descriptors, including descriptor to log file are leaked on CGI application execution...

Apache 2.x leaked descriptors

Hello, I noticed a problem with apache 2.x back in October and contacted the apache security team with the problem. They've had about 4 months to do something with the problem but haven't seen fit to fix it yet. The last time I tried to status their progress no one replied to my query. I was...

cPanel 5.0 - Guestbook.cgi Remote Command Execution (3)

cPanel 5.0 - Guestbook.cgi Remote Command Execution 3 source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cg...

cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (3)

source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability ...

cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2)

source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability ...

PHP CGI unauthorized access

--enable-force-cgi-redirect option doesn't work. It allows remote file access and custom PHP code execution...

PHP Security Advisory: CGI vulnerability in PHP version 4.3.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0 Issued on: February 17, 2003 Software: PHP/CGI version 4.3.0 Platforms: All The PHP Group has learned of a serious security vulnerability in the CGI SAPI of PHP version 4.3.0. Description P...

PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access

The remote host is running PHP 4.3.0. There is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid11237;...