9774 matches found
CGI bugs
No description provided...
CVE-2002-0249
CVE-2002-0249 affects PHP for Windows when used as a standalone CGI module on Apache 2.0.28 beta, where a crafted request with malformed arguments can disclose the physical path to php.exe in error messages. Affects PHP for Windows running under Apache CGI; the issue stems from error handling tha...
CVE-2001-1241
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "!" and the desired program name...
CVE-2001-1242
The CVE-2001-1242 entry concerns a directory traversal in Un-CGI 1.9 and earlier, where an attacker can trigger arbitrary code execution by supplying a .. (dot dot) in an HTML form. The vulnerability arises in the way path components are processed, enabling remote exploitation. Affected software:...
CVE-2002-0232
Directory traversal vulnerability in Multi Router Traffic Grapher MRTG allows remote attackers to read portions of arbitrary files via a .. dot dot in the cfg parameter for 1 14all.cgi, 2 14all-1.1.cgi, 3 traffic.cgi, or 4 mrtg.cgi...
CVE-2001-1242
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. dot dot in an HTML form...
CVE-2002-0266
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...
CVE-2001-1241
Un-CGI 1.9 and earlier fail to verify that a CGI script has execution bits set before executing it, allowing remote attackers to run arbitrary commands by pointing Un-CGI at a document that starts with "#!" and the target program name.
CVE-2002-0266
The connected documents confirm CVE-2002-0266 affects Thunderstone Texis CGI scripts, enabling unauthenticated remote disclosure of the web root path by requesting a nonexistent file, with error messages revealing the full pathname. No fix/version remediation details are provided in the supplied ...
CVE-2002-0215
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...
CGI bugs
No description provided...
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
eSO Security Advisory: 2408 Discovery Date: April 3, 2000 ID: eSO:2408 Title: CIDER SHADOW CGI arbitrary command execution vulnerabilities Impact: Remote attackers can execute commands with the privileges of the running web server process Affected Technology: CIDER SHADOW 1.5, 1.6 Vendor Status:...
CGI bugs
No description provided...
CGI bugs
No description provided...
CGI bugs
No description provided...
vqServer 1.9.x - CGI Demo Program Script Injection
source: https://www.securityfocus.com/bid/4573/info vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included with vqServer suffer from script injection issues,...
vqServer 1.9.x - CGI Demo Program Script Injection
vqServer 1.9.x - CGI Demo Program Script Injection source: https://www.securityfocus.com/bid/4573/info vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included...
CGI bugs
No description provided...
CGI bugs
No description provided...
Buffer overflow in Talentsoft Web+
Buffer overflows in CGI supplied applications, cookie processing...