9774 matches found
CVE-2002-0489
Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters...
CVE-2002-0488
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter...
Apache 2.0 - Encoded Backslash Directory Traversal
source: https://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this include Windows, OS2, and Netware. The issue is...
qmailadmin SUID buffer overflow
qmailadmin is not part of qmail. It's from http://inter7.com/qmailadmin/ and I guess you can download from there and play with it, although the versions I am using were built from the FreeBSD ports tree and also from a Linux RPM I grabbed from:...
qmailadmin 1.0.x - Local Buffer Overflow
source: https://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular...
qmailadmin 1.0.x - Local Buffer Overflow
source: https://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular users on others. qmailadmin fails to...
CGI bugs
No description provided...
SUN Answer Book buffer overflow
Buffer overflow in CGI and format string bug in dwhttpd...
Bug in Eupload
Bug in Eupload, by ZeroByte (ICQ 98177781). 1.1 - What is Eupload? Eupload is a web utility used to facilitate the update of web sites by means of CGI scripts. This tool allows the upload of files to the server by means of a web interface. The...
Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts
Overview: Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description: Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...
CVE-2002-0750
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field...
CVE-2002-0436
sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...
CGI bugs
No description provided...
Moderate: Red Hat Security Advisory: Updated secureweb packages available
Updated secureweb packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates incorporate a fix for an incorrect bounds check in versions of mod_ssl up to and including version 2.8.9. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Socke...
PHP Resource Exhaustion Denial of Service
The PHP interpreter is a heavy-duty CGI EXE (or SAPI module, depending on configuration) that implements an HTML-embedded script language. A vulnerability in PHP can be used to cause a denial of service in some cases. PHP's install process on Apache requires a "/php/" alias to be created, as it...
CGI bugs
No description provided...
CGI bugs
No description provided...
CGI bugs
No description provided...
Apache Web Server ap_log_rerror() function discloses full path to CGI script
Overview: There is a vulnerability in Apache 2.0 through 2.035 that could disclose the real path to a CGI script or other file. Description: A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log: Security: Added the APLOG_TOCLIENT flag to...
Lil'HTTP Pbcgi.cgi XSS Vulnerability
Recently, I reported on a vulnerability in the Urlcount.cgi script of Lil'HTTP Server (Summit Computer Networks). This time, another CGI (pbcgi.cgi) has been found vulnerable to cross-site scripting. Some versions of this CGI will take the form input you POST/GET to it, and break it into name/e-mail...