Lucene search
9774 matches found

exploitpack
added 2002/03/11 12:0 a.m., 15 views

Solaris 7.0/8 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution

Solaris 7.0/8 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution source: https://www.securityfocus.com/bid/4269/info The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI scri...

0.1 AI score
Exploits: 0
Exploit DB
added 2002/03/11 12:0 a.m., 33 views

Solaris 7.0/8 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution

source: https://www.securityfocus.com/bid/4269/info The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI script included with the CD does not adequately sanitize input. Due to a design failure...

7.4 AI score
Exploits: 0
Cvelist
added 2002/03/09 5:0 a.m., 21 views

CVE-2001-0834

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading...

6.6 AI score, 0.02512 EPSS
Exploits: 0, References: 11
CVE
added 2002/03/09 5:0 a.m., 48 views

CVE-2001-0995

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. The vulnerability arises from trusting the ID parameter in requests, enabling privilege escalation to partial confidentiality/integrit...

7.5 CVSS, 7.1 AI score, 0.00874 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2002/03/09 5:0 a.m., 54 views

CVE-2001-1010

CVE-2001-1010 affects Sambar Server’s pagecount CGI script (located at /session/pagecount). The vulnerability arises because the page parameter is not validated against directory traversal (".."), enabling a remote attacker to overwrite arbitrary files on the filesystem. The root cause is lack of...

5 CVSS, 6.7 AI score, 0.05053 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2002/03/09 5:0 a.m., 19 views

CVE-2001-1010

Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter...

6.7 AI score, 0.05053 EPSS
Exploits: 1, References: 4
Packet Storm
added 2002/03/08 12:0 a.m., 30 views

Xerver-2.10.txt

------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS (Denial of Service) Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez Thanks all...

7.4 AI score
Exploits: 0
Cvelist
added 2002/03/07 5:0 a.m., 14 views

CVE-2002-0091

Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields...

7.7 AI score, 0.01014 EPSS
Exploits: 0, References: 4
CVE
added 2002/03/07 5:0 a.m., 48 views

CVE-2002-0091

CVE-2002-0091 affects CIDER SHADOW 1.5 and 1.6. The vulnerability consists of CGI scripts that allow remote execution of arbitrary commands through certain form fields due to insufficient input verification. Impact is remote code execution with the privileges of the web server process; exploitati...

7.5 CVSS, 7.7 AI score, 0.01014 EPSS
Exploits: 0, References: 4, Affected Software: 1
CERT
added 2002/02/27 12:0 a.m., 15 views

Oracle 9iAS allows access to CGI script source code within CGI-BIN directory

Overview: Oracle 9i Application Server (9iAS) allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description: The default Apache configuration file i...

6.5 AI score
Exploits: 0, References: 2
securityvulns
added 2002/02/24 12:0 a.m., 29 views

Netwin Webnews 1.1k

Name: Netwin WebNews 1.1k Operating system: tested under Redhat linux 7.0 Vendor status: The vendor has been contacted on the 20th of February and hasn't replied yet. Description: The Netwin Webnews version 1.1k CGI binaries contain 4 default users within the binary that cannot be removed. Whil...

1.2 AI score
Exploits: 0
securityvulns
added 2002/02/21 12:0 a.m., 39 views

More bugs in CGI

No description provided...

0.9 AI score
Exploits: 0, References: 2
Apache Httpd
added 2002/02/13 12:0 a.m., 24 views

Apache Httpd < 1.3.24 : Win32 Apache Remote command execution

Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...

7.5 CVSS, 6.7 AI score, 0.88277 EPSS
Exploits: 1, Affected Software: 1
securityvulns
added 2002/02/12 12:0 a.m., 44 views

EasyBoard 2000 Remote Buffer Overflow Vulnerability

EasyBoard 2000 Remote Buffer Overflow Vulnerability Jin Ho You, [email protected] 1. Discussion: EasyBoard 2000 (http://ezboard.new21.org) is a web board CGI. Improperly manipulated user-supplied input to the Content-Type header can create a buffer overflow condition. This vulnerability...

0.3 AI score
Exploits: 0
Exploit DB
added 2002/02/11 12:0 a.m., 33 views

EZNE.NET Ezboard 2000 - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/4068/info Ezboard 2000 is a web based bulletin board system. It is available for Linux systems. A vulnerability has been reported in some versions of Ezboard. In some CGI programs, user supplied data is written to a statically sized array with a sprintf cal...

7.4 AI score
Exploits: 0
exploitpack
added 2002/02/11 12:0 a.m., 19 views

EZNE.NET Ezboard 2000 - Remote Buffer Overflow

EZNE.NET Ezboard 2000 - Remote Buffer Overflow source: https://www.securityfocus.com/bid/4068/info Ezboard 2000 is a web based bulletin board system. It is available for Linux systems. A vulnerability has been reported in some versions of Ezboard. In some CGI programs, user supplied data is writt...

1 AI score
Exploits: 0
securityvulns
added 2002/02/07 12:0 a.m., 41 views

More holes in CGI

No description provided...

0.9 AI score
Exploits: 0, References: 5, Affected Software: 2
securityvulns
added 2002/02/06 12:0 a.m., 25 views

texis(CGI) Path Disclosure Vulnerability

Advisory: texis(CGI) Path Disclosure Vulnerability Application: Thunderstone's texis(CGI) Release Date: 02.05.02 Severity: Any user can send an invalid path to texis(CGI) causing it to reveal the full path to the webroot. In some cases texis will display system specific information (OS, processor type...

6.8 AI score
Exploits: 0
securityvulns
added 2002/02/06 12:0 a.m., 32 views

Mrtg Path Disclosure Vulnerability (Revised)

/This is Mrtg Web Frontend 14all.cgi bug. You may find the revised security announcement below/ Mrtg/RRD 14all.cgi Path Disclosure Vulnerability Type: Input Validation Error Release Date: February 4, 2002 Product / Vendor: 14all.cgi is a CGI script to...

6.8 AI score
Exploits: 0
securityvulns
added 2002/02/06 12:0 a.m., 34 views

texis(CGI) Path Disclosure Vulnerability

Advisory: texis(CGI) Path Disclosure Vulnerability Application: Thunderstone's texis(CGI) Release Date: 02.05.02 Severity: Any user can send an invalid path to texis(CGI) causing it to reveal the full path to the webroot. In some cases texis will display system specific information (OS, processor type...

6.8 AI score
Exploits: 0