MyHelpDesk 20020509 - SQL Injection
source: https://www.securityfocus.com/bid/4971/info It is reported that MyHelpDesk version 20020509 and earlier are vulnerable to SQL injection attacks. Data supplied by the remote user, via CGI parameters, is used directly as part of SQL statements. As input...
WebScripts WebBBS 4.x/5.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software. Remote attackers may gain local,...
MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access
The 'mrtg.cgi' script is part of the MRTG traffic visualization application. A vulnerability exists in this script that allows an attacker to view the first line of any file on the system. This script was written by H D Moore. Script audit and contributions from Carmichael...
CGI bugs
No description provided...
ping.asp CGI Arbitrary Command Execution
The 'ping.asp' CGI is installed. Some versions allow an attacker to launch a ping flood against the targeted machine or another by entering '127.0.0.1 -l 65000 -t' in the Address field. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Er...
CVE-2002-0311
Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) serviceaction.cgi...
CVE-2002-0290
Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument...
CGIScript.net - csPassword.cgi 1.0 Information Disclosure
source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by...
CVE-2002-0249
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message...
[UNIX] COWS Contains Multiple Security Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
CVE-2002-0360
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program...
CVE-2002-0360
The CVE-2002-0360 issue affects Sun AnswerBook2 1.4–1.4.3, where a buffer overflow in the gettransbitmap CGI allows a remote attacker to execute arbitrary code via a long filename argument. Impact is remote code execution with the daemon privileges; no exploit details are provided in the document...
CGIScript.net 1.0 - Information Disclosure
source: https://www.securityfocus.com/bid/4764/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. It is possible to cause numerous scripts provided by CGIScript.net to disclose sensitive system information. The following is a list of cgi...
CVE-2002-0215
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...
Apache Httpd < 2.0.36 : Warning messages could be displayed to users
In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...
MDaemon WorldClient 5.0.x - Folder Creation Buffer Overflow
source: https://www.securityfocus.com/bid/4689/info MDaemon is an integrated mail transport agent, webmail, and mail anti-virus package. It is available for Microsoft Windows operating systems. It may be possible for a remote user to take advantage of a buffer overflow in the MDaemon software...
CVE-2002-1592
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...