9774 matches found

securityvulns
added 2002/02/04 12:0 a.m. | 31 views

new advisory

---=== UkR Security Team advisory ===--- Name : MRTG CGI script "show files" Vulnerability About : The Multi Router Traffic Grapher MRTG is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing GIF images which provide a LIVE visual representation of this traff...

7.1 AI score
Exploits 0
CVE
added 2002/02/02 5:0 a.m. | 38 views

CVE-2001-1024

CVE-2001-1024 : Entrust getAccess CGI scripts (e.g., login.gas.bat) are vulnerable to remote command execution via an alternate -classpath argument, allowing an attacker to run Java programs. The CVSS data indicates a Network-exposed, low complexity, no-auth exploit with Partial impact on confide...

7.5 CVSS | 7.6 AI score | 0.00763 EPSS
Exploits 1 | References 2 | Affected Software 1
CVE
added 2002/02/02 5:0 a.m. | 90 views

CVE-2001-0997

The CVE-2001-0997 entry concerns Textor Webmasters Ltd’s listrec.pl CGI. The vulnerability arises from shell metacharacter processing in the TEMPLATE parameter, enabling remote arbitrary command execution on the affected host with web server privileges. Public sources in the connected docs (NVD/N...

7.5 CVSS | 7.7 AI score | 0.02885 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2002/02/02 5:0 a.m. | 17 views

CVE-2001-0949

Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority EVA Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters 1 Mode, 2 CertificateFile, 3 useExpiredCRLs, 4 listenLength, 5 maxThread, 6...

7.7 AI score | 0.0568 EPSS
Exploits 0 | References 17
Cvelist
added 2002/02/02 5:0 a.m. | 18 views

CVE-2001-0997

Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter...

7.6 AI score | 0.02885 EPSS
Exploits 1 | References 2
CVE
added 2002/02/02 5:0 a.m. | 45 views

CVE-2001-0947

The CVE-2001-0947 issue affects ValiCert Enterprise Validation Authority (EVA) versions 3.3 through 4.2.1. It allows remote attackers to determine the server’s real pathname by requesting an invalid extension, which causes an error page that reveals the path. The vulnerability is a server-path di...

7.5 CVSS | 7 AI score | 0.00901 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2002/02/02 5:0 a.m. | 20 views

CVE-2001-1024

login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument...

7.2 AI score | 0.00763 EPSS
Exploits 1 | References 2
CVE
added 2002/02/02 5:0 a.m. | 55 views

CVE-2001-0958

CVE-2001-0958 affects Trend Micro InterScan eManager for NT Ver.3.51 (English) and NT Ver.3.51J. The vulnerability is a remotely exploitable buffer overflow in the eManager CGI interface, caused by long arguments to multiple DLLs (register.dll, ContentFilter.dll, SFNofitication.dll, TOP10.dll, Sp...

7.5 CVSS | 7.8 AI score | 0.05886 EPSS
Exploits 1 | References 4 | Affected Software 2
CVE
added 2002/02/02 5:0 a.m. | 35 views

CVE-2001-0924

CVE-2001-0924 describes a directory traversal vulnerability in the Informix SQL Web DataBlade CGI (LO parameter) that allows remote attackers to read arbitrary files on the affected system. The issue arises from improper handling of the .. (dot dot) path traversal in the LO parameter of the ifx C...

5 CVSS | 6.7 AI score | 0.11132 EPSS
Exploits 1 | References 4 | Affected Software 1
securityvulns
added 2002/01/30 12:0 a.m. | 41 views

More bugs in CGI

Insufficient validation of user input...

0.4 AI score
Exploits 0 | References 4 | Affected Software 4
Exploit DB
added 2002/01/28 12:0 a.m. | 41 views

Agora.CGI 3/4 - Debug Mode Full Path Disclosure

source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stored in. This is possible by making ...

7.4 AI score
Exploits 0
exploitpack
added 2002/01/28 12:0 a.m. | 19 views

Agora.CGI 34 - Debug Mode Full Path Disclosure

Agora.CGI 34 - Debug Mode Full Path Disclosure source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi...

7.4 AI score
Exploits 0
Tenable Nessus
added 2002/01/25 12:0 a.m. | 114 views

FAQManager 'faqmanager.cgi' 'toc' Parameter Arbitrary File Access

FAQManager is a Perl-based CGI for maintaining a list of Frequently Asked Questions. Using a specially crafted URL, a remote attacker can use this CGI to view arbitrary files on the web server. For example: http://www.example.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 This...

5 CVSS | 5.8 AI score | 0.00391 EPSS
Exploits 0 | References 1
securityvulns
added 2002/01/23 12:0 a.m. | 21 views

Unixware 7.1.1 scoadminreg.cgi local exploit

unixware: uname -a UnixWare unixware 5 7.1.1 i386 x86at SCO UNIXSVR5 unixware: id uid=101mearee gid=1other unixware: ./scoadminreg.sh jGgM root exploit http://www.netemperor.com/ Mail: [email protected] Manager: -c /tmp/jggm;/tmp/jggm; ERROR: Cannot find a Webtop object associated with -c /tmp/jggm...

7.2 AI score
Exploits 0
Tenable Nessus
added 2002/01/17 12:0 a.m. | 39 views

zml.cgi Directory Traversal

ZML.cgi is vulnerable to a directory traversal attack. It enables a remote attacker to view any file on the computer with the privileges of the cgi/httpd user. This script was written by Drew Hintz http://guh.nu It is based on scripts written by Renaud Deraison and HD Moore Se...

5 CVSS | 5.5 AI score | 0.04669 EPSS
Exploits 1 | References 2
Exploit DB
added 2002/01/14 12:0 a.m. | 21 views

John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/3866/info John Roy Pi3Web is a standard web server which includes CGI and ISAPI support. Pi3Web uses multithreading to handle system requests. Pi3Web is available for Windows, Linux and Solaris. Due to a buffer overflow vulnerability in John Roy Pi3Web...

7.4 AI score
Exploits 0
exploitpack
added 2002/01/14 12:0 a.m. | 13 views

John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow

John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/3866/info John Roy Pi3Web is a standard web server which includes CGI and ISAPI support. Pi3Web uses multithreading to handle system requests. Pi3Web is available for Windows, Linux and Solaris...

0.5 AI score
Exploits 0
securityvulns
added 2002/01/08 12:0 a.m. | 51 views

Savant Web Server buffer overflow

Buffer overflow on oversized CGI filename, on oversized request...

4.6 AI score
Exploits 0 | References 2
securityvulns
added 2002/01/08 12:0 a.m. | 40 views

More bugs in CGI

No description provided...

0.9 AI score
Exploits 0 | References 3 | Affected Software 2
securityvulns
added 2002/01/08 12:0 a.m. | 26 views

BOOZT! Standard's administration cgi vulnerable to buffer overflow

BOOZT! is a banner management software for linux servers. It has a remote administration system based on web. I played with version 0.9.8alpha. Here is a reproduction of the bug: http://127.0.0.1:8080/cgi-bin/boozt/admin/index.cgi?section=5&input=1 Fill the "Name Field" with enough A's 770 was be...

0.2 AI score
Exploits 0