talkback.txt

whizkunde security advisory: talkback CGI http://www.whizkunde.org | [email protected] ---------------------------------------------------------- Release date: April 9th 2001 Subject: talkback.cgi security problem Systems affected: UNIX systems running talkback CGI script Vendor:...

nph-maillist 3.03.5 - Arbitrary Code Execution

nph-maillist 3.03.5 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the...

nph-maillist 3.0/3.5 - Arbitrary Code Execution

source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form, and then force a mailing which wil...

CVE-2001-0291

CVE-2001-0291 describes a buffer overflow vulnerability in a post-query sample CGI program. The flaw allows remote attackers to execute arbitrary commands by sending an HTTP POST request containing at least 10001 parameters. The NVD entry lists a high impact (base score 10.0) with complete confid...

CVE-2001-0307

Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist...

CVE-2001-0291

Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters...

CVE-2001-0307

CVE-2001-0307 affects Bajie HTTP JServer 0.78 and earlier than 0.80. The vulnerability allows remote command execution via shell metacharacters in an HTTP request for a CGI program that does not exist. NVD lists a CVSS v2 base score of 7.5 (HIGH) with network access, no authentication, and partia...

uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access

The 'ustorekeeper.pl' CGI script installed on the remote host allows an attacker to read arbitrary files subject to the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

Ananconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access

The CGI script 'anacondaclip', which comes with anacondaclip.pl, is installed on this machine. This CGI has a well-known security flaw that allows an attacker to read arbitrary files on the remote system with the privileges of the HTTP daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable...

Дырка в CGI pwc (format string bug)

Ошибка форматной строки при работе с syslog...

Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access

The 'store.cgi' cgi is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10639;...

Очередная дырка в WebSite Pro

CGI-директории по умолчанию открыты на запись. В состав сервера входит программа, позволяющая загружать файлы на сервер. Кроме того, при определенном запросе сервер показывает путь к локальным файлам, что суммарно позволяет загрузить и выполнить любой файл на сервере...

Aspseek Buffer Overflow

|---------------------------------------------------------------------------------------| / Product: Aspseek Search Engine. Vendor URL: www.aspseek.org / Tested on: v1.0.0 - v1.0.3 Freeware Linux Vendor Contact: Mailed on 8th March NO Reply Vendor Patched though / |-- The Problem,...

CVE-2001-0135

The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs...

Дырки в CGI Iconboard

Обратный путь в директориях в сочетании с ошибкой NULL-byte позволяет получить содержимое любого файла...

Ошибка в post-query CGI

Переполнение буфера...

Remote buffer overflow condition in post-query (CGI).

The overflow condition is very easily exploitable, since the code actually supplies the pointer to the exploit code itself, odd as it maye seem. The pointer thusly does not need to be second-guessed at all, making life much easier for crackers. Code excerpts; ... define MAXENTRIES 10000 typedef...

CVE-2001-0224

Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter...

CVE-2001-0224

CVE-2001-0224 affects the Muscat Empower CGI program. A remote attacker can cause disclosure of the server’s absolute pathname via an invalid request in the DB parameter. The issue is demonstrated by a misleading DB parameter in a GET request to the CGI (e.g., GET /cgi-bin/empower?DB=whatever), w...

CVE-2001-0210

Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. dot dot attack in the page parameter...