9774 matches found
Free Online Dictionary of Computing 1.0 - Remote File Viewing
Free Online Dictionary of Computing 1.0 - Remote File Viewing source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and...
Free Online Dictionary of Computing 1.0 - Remote File Viewing
source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as...
ROADS search.pl form Parameter Traversal Arbitrary File Access
The 'search.pl' CGI from ROADS is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
CGI - mailnews.cgi vulnerability...
Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author dont parse some characters and he use very stupid "password protection". We can add or delete users from maillist...
WebSPIRS webspirs.cgi Traversal Arbitrary File Access
The remote host is running WebSPIRS, SilverPlatter's Information Retrieval System for the web. The installed version of WebSPIRS has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 This script...
Bajie WebServer 0.78/0.90 - Remote Command Execution
source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These uploaded scripts are placed in known destination...
Bajie WebServer 0.780.90 - Remote Command Execution
Bajie WebServer 0.780.90 - Remote Command Execution source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These...
W3.org Anaya Web sendtemp.pl 'templ' Parameter Traversal Arbitrary File Access
The 'sendtemp.pl' CGI is installed. This CGI has a well known security flaw that allows an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10614;...
CVE-2001-0135
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs...
Security advisory for analog
SECURITY ADVISORY 13th February 2001 ---------------------------------------------------------------------- Program: analog logfile analysis program Versions: all versions except 4.16 and 4.90beta3 Operating systems: all ---------------------------------------------------------------------- There...
Очередные ошибки в CGI
Различные ошибки с обратным путем в директории приводящие к возможности получения доступа к файлам...
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities
The 'pals-cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
ROADS search system "show files" Vulnerability with "null bite" bug
Name: ROADS search system "show files" Vulnerability with "null bite" bug Date: 29.01.2001 About: The search.pl program is a Common Gateway Interface CGI program used to provide an end user search front end to ROADS databases. When accessed with no CGI query, the program can return an HTML form t...
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access
The 'commerce.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10612;...
Muscat Empower CGI Malformed DB Parameter Path Disclosure
The remote host appears to be running Muscat Empower. It was possible to get the physical location of a virtual web directory by issuing the following command : GET /cgi-bin/empower?DB=whatever HTTP/1.0 A remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 C...
Way-board way-board.cgi db Parameter Arbitrary File Access
The 'way-board' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10610;...
CVE-2001-0024
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter...
CVE-2001-0086
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...
CVE-2001-0023
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...
CVE-2001-0025
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...