Lucene search

9774 matches found

exploitpack
added 2002/01/07 12:0 a.m., 16 views

Boozt 0.9.8 - Remote Buffer Overflow

Boozt 0.9.8 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/3787/info Boozt! is a free open source banner management software for Linux hosts. An issue has been reported which could allow for a user to execute arbitrary code on a Boozt! host. This is achievable when a Boozt!...

AI score: 0.6
Exploits: 0
securityvulns
added 2002/01/04 12:0 a.m., 42 views

Buffer overflow and DoS in awhttpd (buffer overflow)

The server crashes when a nonexistent file is requested in CGI. Heap overflow...

AI score: 1.4
Exploits: 0, References: 4, Affected Software: 1
securityvulns
added 2002/01/03 12:0 a.m., 47 views

blackshell2: zml.cgi remote exploit

-----BEGIN PGP SIGNED MESSAGE----- --blackshell security advisory no2-- --zml.cgi remote exploit-- vendor details & history zml.cgi for webservers by jero.cc http://www.jero.cc/zml/zml.html details of exploit this is a classic CGI bug which uses ../../../../ to read remote files. example:...

AI score: 0.8
Exploits: 0
securityvulns
added 2002/01/03 12:0 a.m., 38 views

More holes in CGI

No description provided...

AI score: 0.9
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2001/12/30 5:0 a.m., 14 views

CVE-2001-1206

Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $errorlog variable...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00904
Exploits: 0, References: 2
securityvulns
added 2001/12/26 12:0 a.m., 33 views

GOBBLES CGI MARATHON #003

PRODUCT AdStreamer http://www.sha-la-la.com/adstreamer/ DESCRIPTION This software have many an open call that can exploited with Perl tricks like ../, 00, |, etc. bash-2.05$ egrep 'open|system|exec|eval' .cgi addbanner.cgi: This script is apart of the Banner Manager system. It will add banners...

AI score: 0.2
Exploits: 0
securityvulns
added 2001/12/25 12:0 a.m., 27 views

SQL query modification in adrotate (SQL modification)

The SQL query in the CGI application can be modified...

AI score: 1.6
Exploits: 0, References: 1
Exploit DB
added 2001/12/17 12:0 a.m., 46 views

Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting

source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be...

AI score: 7.4
Exploits: 0
exploitpack
added 2001/12/17 12:0 a.m., 9 views

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output...

AI score: 6.8
Exploits: 0
Debian
added 2001/12/16 1:42 a.m., 17 views

[SECURITY] [DSA-094-1] mailman cross-site scripting problem

Package : mailman Problem type : cross-site scripting hole Debian-specific: no Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been...

AI score: 5.8
Exploits: 0
securityvulns
added 2001/11/27 12:0 a.m., 33 views

Unauthorized access via xitami (privilege escalation)

The administrator password is stored in a world-readable file. The web server itself runs with root privileges. An administrator can change the Cgi-bin location, gaining access with root privileges...

AI score: 1.3
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2001/11/24 12:0 a.m., 21 views

SuSE Security Announcement: susehelp

-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: susehelp Announcement-ID: SuSE-SA:2001:041 Date: Thu Nov 22 11:36:00 MET 2001 Affected SuSE versions: 7.2, 7.3 Vulnerability Type: remote command execution Severity 1-10: 8 SuSE default package: yes Other affected systems: no...

AI score: 8.2
Exploits: 0
CVE
added 2001/11/22 5:0 a.m., 54 views

CVE-2001-0849

Viralator vulnerability (CVE-2001-0849) affects Viralator 0.9pre1 and earlier, where the CGI (viralator.cgi) insecurely passes a file URL to wget, enabling remote code execution with the web server’s privileges. OpenVAS findings confirm a command execution path via the Viralator CGI, with remedia...

CVSS: 7.5, AI score: 7.7, EPSS: 0.01983
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2001/11/22 5:0 a.m., 20 views

CVE-2001-0918

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely...

CVSS: 5.1, AI score: 7.7, EPSS: 0.00843
Exploits: 0, References: 3
securityvulns
added 2001/11/21 12:0 a.m., 25 views

More bugs in CGI

The newline character is not escaped when an external command is invoked...

AI score: 0.4
Exploits: 0
securityvulns
added 2001/11/02 12:0 a.m., 37 views

More bugs in CGI

No description provided...

AI score: 0.9
Exploits: 0, References: 5, Affected Software: 1
securityvulns
added 2001/10/31 12:0 a.m., 17 views

cgi vulnerability

hi all I found a security hole in Book of guests and Post it! written by Seth Leonard. It is available at http://www.dreamcachersweb.com The problem is that this script doesn't filter out ANY metacharacters from the input and pass it to the shell. Therefore by writing something like...

AI score: 7
Exploits: 0
exploitpack
added 2001/10/25 12:0 a.m., 26 views

iBill Management Script - Weak Hard-Coded Password

iBill Management Script - Weak Hard-Coded Password source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default...

AI score: 0.2
Exploits: 0
exploitpack
added 2001/10/19 12:0 a.m., 22 views

Mountain Network Systems WebCart 8.4 - Command Execution

Mountain Network Systems WebCart 8.4 - Command Execution source: https://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by...

AI score: 0.2
Exploits: 0
Exploit DB
added 2001/10/19 12:0 a.m., 43 views

Mountain Network Systems WebCart 8.4 - Command Execution

source: https://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by the script. WebCart exploit Spawn bash style Shell with...

AI score: 7.4
Exploits: 0