HSWeb HTTP Server /cgi Directory Request Path Disclosure (deprecated)

It is possible to request the physical location of the remote web root by requesting the folder '/cgi'. An attacker can exploit this flaw to gain more knowledge about this host. This plugin has been deprecated. Webmirror3 plugin ID 10662 will identify a browsable directory. %NASLMINLEVEL 999999 C...

CVE-2001-0023

CVE-2001-0023 affects the everythingform.cgi CGI program by Leif Wright. It allows a remote attacker to execute arbitrary commands via shell metacharacters in the config parameter. The available documents do not specify affected versions, root cause details beyond this description, or any provide...

CVE-2001-0086

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...

CVE-2001-0025

ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...

CVE-2001-0024

simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter...

CVE-2001-0023

everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...

Дырка в Prospero 1.3.5 CGI

Многочисленные локальные дырки, недостаточно длинные пин-коды и т.д...

SUBMISSION - multiple vulnerabilities in Prospero 1.3.5 CGI

= Warped Force Advisory = Author: darkyoda [email protected] Subject: Multiple vulnerabilities in Prospero 1.3.5 CGI Discovered: 12.15.00 Announced: 2.1.01 Vendor Status: Maintainer notified 12.27.00. New version released. Current version is 1.3.7 Platforms: Any web server capable of running...

Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability

Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability Jin Ho You, [email protected] 1 Discussion CrazyWWWBoardhttp://www.crazywwwboard.com is a web bulletin board program written in C/C++. Insufficient boundary checking exists in the qDecoder CGI library code which...

iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read

The 'hsx.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescripti...

phf CGI Script fails to guard against newline characters

Overview This document describes a vulnerability in a CGI script known as phf which was widely exploited in 1996 and 1997. Description The phf CGI script constructs a partial command line consisting of the ph command and appropriate arguments, and completes the command line based on the input fro...

Дырка в PlanetIntra

Переполнение буфера в одном из CGI-файлов...

CVE-2000-0941

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter...

CVE-2000-0912

The CVE-2000-0912 entry concerns the MultiHTML CGI script (multihtml.pl). Affected component: the multihtml.pl CGI. The underlying issue is a traversal/file-access vulnerability where the attacker can specify the file name via the multi parameter, enabling reading of arbitrary files on the remote...

CVE-2000-0255

The CVE-2000-0255 entry affects the Nbase-Xyplex EdgeBlaster router. The vulnerability arises when an attacker performs a scan for the FormMail CGI program, which can cause a denial of service. Documented impact is network-based, with availability impact described as PARTIAL. The provided sources...

CVE-2000-1014

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter...

CVE-2000-0878

The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field...

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...

CVE-2000-0868

The CVE-2000-0868 issue affects Apache 1.3.12 on SuSE Linux 6.4 where the default configuration exposes CGI script source code. The vulnerability arises because /cgi-bin/ requests can be rewritten to /cgi-bin-sdb/, which is an Alias of /cgi-bin, enabling remote attackers to disclose source code o...

CVE-2000-0287

The CVE-2000-0287 vulnerability affects BizDB’s web database integration product, specifically the Perl CGI script bizdb-search.cgi. The flaw arises when the dbname parameter is passed to an unchecked open() call, allowing remote attackers to execute commands at the webserver’s privilege level by...