CVE-2001-0795

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as 1 upper case letters or 2 8.3 file names...

CVE-2001-0791

Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access...

Дырки в Interscan VirusWall, OfficeScan, Virus Buster (remote execution, buffer overflow)

Возможно запустить удаленно несколько CGI имеющих переполнения буфера...

CVE-2001-0795

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as 1 upper case letters or 2 8.3 file names...

CVE-2001-0791

Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access...

CVE-2001-0795

Perception LiteServe 1.25 is affected by CVE-2001-0795. Remote attackers can obtain the source code of CGI scripts by requesting URLs that contain MS‑DOS conventions, such as uppercase letters or 8.3 file names. The PT-2001-1972 advisory notes a vulnerability in Perception LiteServe 1.25 and prov...

CVE-2001-0791

Trend Micro InterScan VirusWall for Windows NT is vulnerable via CGI programs that handle configuration and do not restrict access. Remote attackers could modify configuration by directly invoking these CGI scripts. Root cause is lack of access controls on certain CGI endpoints. Affected product/...

PT-2001-1972 · Perception · Perception Liteserve

Name of the Vulnerable Software and Affected Versions: Perception LiteServe version 1.25 Description: The issue allows remote attackers to obtain the source code of CGI scripts via URLs that contain MS-DOS conventions, such as upper case letters or 8.3 file names. Recommendations: For Perception...

Re: Bug found in ht://Dig htsearch CGI

Name: ht://Dig htsearch CGI Versions affected: 3.1.0b2 and more recent, including 3.1.5 and 3.2.0b3 Vulnerability: Potential remote exposure. Denial of Service. Details: The htsearch CGI runs as both the CGI and as a command-line program. The command-line program accepts the -c filename to read i...

Доступ к административному интерфейсу в PGP Keyserver (anauthorized access)

Через CGI-приложения можно получить доступ к административному интерфейсу без авторизации...

CVE-2001-0689

Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program...

CVE-2000-0877

CVE-2000-0877 concerns the MailForm 2.0 product, specifically the mailform.pl CGI script. The vulnerability allows remote attackers to read arbitrary files by supplying a filename in the XX-attach_file parameter, which MailForm then sends to the attacker. The issue directly concerns the confident...

Очередные ошибки в CGI

Недостаточная проверка ввода пользователя...

Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL

Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain priviledged system information. Description The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named "ChipCfg". Using a specially crafted url, an attacker can...

CVE-1999-1179

Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands...

CVE-1999-1281

Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program...

CVE-1999-1154

The CVE-1999-1154 entry concerns the LakeWeb Filemail CGI script. The vulnerability arises when a recipient email address can include shell metacharacters, enabling remote command execution via the CGI script. The issue is rooted in improper handling of email input in the CGI component, with a ne...

CVE-1999-1281

CVE-1999-1281 affects the Breeze Network Server (development version). The vulnerability allows remote attackers to reboot the system by accessing the configbreeze CGI program. Impact is indicated as partial availability (per CVSS data), with network access and no authentication required in the d...

CVE-1999-1378

dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files...

CVE-1999-1378

The CVE-1999-1378 entry describes a vulnerability in the dbmlparser.exe CGI guestbook program where a chroot operation is not performed properly, allowing remote attackers to read arbitrary files. The affected component is the CGI guestbook program implemented by dbmlparser.exe; root cause is inc...