9774 matches found
CGI bugs
No description provided...
Perception LiteServe 2.0 - CGI Source Disclosure
source: https://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further attacks against the target system...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...
CGI bugs
No description provided...
virgil.txt
-----BEGIN PGP SIGNED MESSAGE----- - - -------------------------------------------------------------------------- KALIF research group [email protected] October 21st, 2002 Joschka Fischer - - -------------------------------------------------------------------------- - - Overview Software : Virgi...
Microsoft IIS IDC Extension XSS
This IIS Server appears to be vulnerable to a cross-site scripting attack due to an error in the handling of overly-long requests on an idc file. It is possible to inject JavaScript in the URL, that will appear in the resulting page. %NASLMINLEVEL 70300 This script was written by Geoffroy Raimbau...
MyMarket 1.71 - 'Form_Header.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6035/info MyMarket is prone to cross-site scripting attacks. HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link to a site running the vulnerable...
CGI bugs
No description provided...
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
DEBIAN-CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...
CGI bugs
No description provided...
Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV
In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...
XSS bug in Monkey (0.5.0) HTTP server
Illegal Instruction Labs Advisory ------------------------------------------------------------------------- Advisory name: XSS bug in Monkey 0.5.0 HTTP server Advisory number: 14 Application: Monkey 0.5.0 HTTP server Application author: Eduardo Silva EdsipeR Author e-mail: [email protected]...
OpenVMS WASD multiple bugs
Weak default configuration, protection bypass, CGI execution in server's content...
Apache stderr DoS
Large CGI application stderr output causes Apache to hang...
Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request
Overview Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...
Sambar Server Multiple CGI Remote Overflow
It is possible to kill the Sambar web server 'server.exe' by sending it a long request like: /cgi-win/testcgi.exe?XXXX...X /cgi-win/cgitest.exe?XXXX...X /cgi-win/Pbcgi.exe?XXXXX...X or maybe in /cgi-bin/ An attacker may use this flaw to cause the server to crash continuously. %NASLMINLEVEL 70300 ...
Mike Spice's My Calendar does not adequately validate user input
Overview Mike Spice's My Calendar does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause My Calendar to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's My Calendar is a CGI script...