CGI bugs
No description provided...
Apache Httpd < 2.0.40 : Path revealing exposures
A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...
BlackBoard 5.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit this condition via a malicious lin...
CVE-2002-0360
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program...
CVE-2001-1074
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges...
CVE-2001-0918
This CVE concerns vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 that allow remote command execution due to insecure file handling. Affected are the susehelp CGI scripts; the underlying issue is not opening files securely, enabling unauthorized command execution. The provided docu...
CVE-2001-1074
Summary: CVE-2001-1074 affects Webmin 0.84 and earlier. The vulnerability arises because Webmin does not properly clear the HTTP_AUTHORIZATION environment variable when the web server restarts, causing authentication information to be exposed to all CGI programs and enabling local privilege escal...
CVE-2001-0918
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely...
AdvServer DoS
Title: AdvServer DoS Date: 21.06.02 Author: elab http://elaboration.8bit.co.uk Software: AdvServer Platform: Win32 Tested: Version 1.030000 Vendor: WWW: http://gamecheats.ws Contacted on: 30 May 02 Via: [email protected] && website Response: Within 2 days WARNING: This advisory has NOTHING to do...
CVE-2002-0599
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen...
SSI & CSS execution in MakeBook 2.2
DownBload Security Research Lab Advisory. Advisory name: SSI & CSS execution in MakeBook 2.2 Advisory number: 5 Application: MakeBook 2.2 CGI script Application author: Kristina Pfaff-Harris Source:...
Oracle Reports Server Buffer Overflow (#NISR12062002B)
NGSSoftware Insight Security Research Advisory Name: Oracle 9iAS Reports Server Systems: All Severity: High Risk Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Advisory URL:...
Buffer overflow in Oracle 9iAS Reports Server
Buffer overflow in CGI script...
AlienForm2 CGI script: arbitrary file read/write
Vulnerable: AlienForm2 revision 1.5 Category: Perl/CGI coding errors Impact: Subject to file permissions, an attacker can read any file on the server, append arbitrary data to any existing file or write arbitrary data to new...
CVE-2002-0489
Linux Directory Penguin NsLookup CGI script nslookup.pl 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters...
CVE-2002-0489
CVE-2002-0489 affects the Linux Directory Penguin NsLookup CGI script (nslookup.pl) version 1.0. It allows remote code execution via shell metacharacters in the (1) query or (2) type parameters. The NVD record assigns a base score of 10.0 (HIGH) with network attack vector, low complexity, no auth...
CVE-2002-0436
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...
CVE-2002-0612
FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) head or (2) foot parameters...
AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation
The AlienForm CGI script allows an attacker to view any file on the target computer, append arbitrary data to an existing file, and write arbitrary data to a new file. The AlienForm CGI script is installed as either af.cgi or alienform.cgi. This script was written by Andrew...