Mike Spice's Quiz Me! does not adequately validate user input
Overview: Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's Quiz Me! is a CGI script written in...
CGI bugs
No description provided...
Multiple CGI bugs
No description provided...
alya.cgi CGI Backdoor Detection
alya.cgi was found on the remote system. This script is likely a CGI-based backdoor distributed with multiple rootkits. This script was written by Jason Lidow. Changes by Tenable: - Overhauled description, added Synopsis/Reference/Solution (12/8/2008) include"compat.inc"; if description scriptid1111...
XSS in Null HTTPd
Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is quite basic, but offers good CGI support. A vulnerability in Null HTTPd may allow cross-site scripting via a 404 page: http://localhost/a?x=<SCRIPT>alert(document.URL)</SCRIPT> You have to place this in the query string so that i...
CVE-2002-0917
CVE-2002-0917 affects CGIScript.net csPassword.cgi, which stores .htpasswd files under the web document root. This allows remote authenticated users to download the password file and crack other users’ passwords. The vulnerability is mapped to a high severity (CVSS v2 base score 7.5, vector AV:N/...
CVE-2000-1205
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not...
CVE-2000-1204
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...
CVE-2002-1089
CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...
CVE-2002-0948
The CVE-2002-0948 entry concerns Scripts For Educators MakeBook 2.2 CGI, where the (1) Name and (2) Email parameters are not properly filtered. This allows remote attackers to execute arbitrary scripts as other visitors, or to trigger server-side includes (SSI) with the web server context. The NV...
CVE-2000-1204
CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...
OmniHTTPd 1.1/2.0.x/2.4 - Sample Application URL Encoded Newline HTML Injection
source: https://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. A HTML injection vulnerability has been reported in the '/cgi-bin/redir.exe' sample CGI included with...
AnyForm CGI Arbitrary Command Execution
The CGI 'AnyForm2' is installed on the remote web server. Old versions of this CGI have a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
OmniHTTPd 1.1/2.0.x/2.4 - Sample Application URL Encoded Newline HTML Injection
OmniHTTPd 1.1/2.0.x/2.4 - Sample Application URL Encoded Newline HTML Injection source: https://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. A HTML injection...
CGI bugs
No description provided...
CGI bugs
No description provided...
Pi3Web < 2.0.1 CGI Handler Long Parameter Handling Overflow
The remote server may crash when it is sent a very long CGI parameter multiple times, as in: GET /cgi-bin/hello.exe?AAAAA...AAAA An attacker may use this flaw to prevent the remote host from working properly. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. We do banner checking, as I could...
Viralator CGI Script Arbitrary Command Execution
The CGI 'viralator.cgi' is installed. Some versions of this CGI don't properly check user input and allow anyone to execute arbitrary commands with the privileges of the web server. No flaw was tested. Your script might be a safe version. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, In...
CVE-2002-0752
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file...