QDAV-2001-7-1

--=====================133743754==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed Multiple CGI Flat File Database Manipulation Vulnerability qDefense Advisory Number QDAV-2001-7-1 Product: Numerous CGI's Vendor: Numerous Vendors Severity: Remote; Severity varies, but can often be...

CVE-2001-0436

dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. dot dot in the AZ parameter to reference the program...

Advisory Ghttp 1.4

/--------------------------------------------/ / - Advisory "Ghttpd 1.4" - / /--------------------------------------------/ / Auteurs : Lionel & Gangstuck / / Contact : [email protected] / / [email protected] / / WEB : www.secu-fr.org / / www.clickmicro.com / / IRC : :secu-fr clickmicro /...

Active Classifieds 1.0 - Arbitrary Code Execution

source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds that may allow remote users to perform some...

Доступ к файлам, удаленное выполнение в gntasweb (anauthorized access)

Классические ошибки CGI на perl...

Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access

The 'ttawebtop.cgi' CGI is installed. The installed version is affected by multiple flaws : - It is possible to read arbitrary files from the remote system by including directory traversal strings in the request. - It may be possible for an attacker to execute arbitrary commands with the privileg...

Очередные дырки в CGI

Обратный путь в директориях...

Tarantella Enterprise 3 3.x - 'TTAWebTop.cgi' Arbitrary File Viewing

source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script included with the Tarantella,...

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"

Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...

Sean MacGuire Big Brother 1.0/1.3/1.4 - CGI File Creation

source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. ./bb 1.2.3.4...

Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation

Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly...

[SNS Advisory No.29] Trend Micro Virus Control System(VCS) Unauthenticated CGI Usage Vulnerability

SNS Advisory No.29 Trend Micro Virus Control SystemVCS Unauthenticated CGI Usage Vulnerability Problem first discovered: 25 May 2001 Published: 7 Jun 2001 Last Updated: 7 Jun 2001 ---------------------------------------------------------------------- Overview -------- The vulnerability was found ...

CVE-2001-0224

Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter...

CVE-2001-0210

Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. dot dot attack in the page parameter...

CVE-2001-0214

Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte...

[SNS Advisory No.28]InterScan VirusWall for NT remote configuration

SNS Advisory No.28 InterScan VirusWall for NT remote configuration Problem first discovered: Thu, 24 May 2001 Published: Thu, 31 May 2001 Last Updated: Thu, 31 May 2001 ---------------------------------------------------------------------- Overview -------- Trend Micro InterScan VirusWall for...

Directory Pro Traversal Arbitrary File Access

The CGI 'directorypro.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

directorypro.cgi , directory traversal

cgi-script directorypro.cgi is vulnerable to a directory traversal. http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd00 I didn't looked at the source of the script but it is probably a script wat normally puts an extension to the requested file. But bij putting the 00...

CVE-2001-0432

The vulnerability CVE-2001-0432 affects Trend Micro Interscan VirusWall 3.01 through its remote administration CGI interface. Multiple CGI programs may overflow when given crafted inputs, allowing remote attackers to execute arbitrary commands. OpenVAS/Nessus entries also describe unauthenticated...

Очередные дырки в CGI

No description provided...