9774 matches found
CVE-2000-0868
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...
CVE-2000-0941
The CVE-2000-0941 entry concerns the KW Whois CGI script (KW Web) version 1.0, which fails to filter shell metacharacters in the 'whois' parameter. This allows an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the http daemon. The vulnerability is demonstrat...
CVE-2000-0255
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program...
CVE-2000-0944
The CVE-2000-0944 issue affects CGI Script Center News Update 1.1. The vulnerability is in the password change flow where the original news administration password is not properly validated, enabling remote attackers to modify the password without knowing the original. Impact is unauthenticated r...
CVE-2000-0878
The CVE-2000-0878 entry notes a vulnerability in a mailto CGI script where a remote attacker can execute arbitrary commands through shell metacharacters in the emailadd form field. This is a remote code execution risk stemming from unsafely handling input in a CGI script. The issue is described w...
CVE-2000-0944
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...
CVE-2000-1005
The CVE-2000-1005 entry concerns directory traversal in eXtropia WebStore CGI scripts (html_web_store.cgi and web_store.cgi). An attacker can read arbitrary files by supplying a .. (dot dot) path in the page parameter, enabling remote file disclosure. The vulnerability is evidenced by multiple so...
CVE-2000-0977
The CVE-2000-0977 issue affects MailFile 1.10 via mailfile.cgi, where a remote attacker can read arbitrary files by supplying a target filename in the POST parameter and having it emailed to the address in the email parameter. The underlying cause is improper handling of the filename parameter in...
CVE-2000-0912
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter...
CVE-2000-0977
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter...
CVE-2000-0952
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2000-0923
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...
wwwwais QUERY_STRING Parameter Remote Overflow
The 'wwwwais' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
Дырка в CGI wwwwais
Классическое переполнение буфера...
UltraBoard cgi directory permission problem
Hacksware Bug Report 1. Name: UltraBoard cgi directory permission problem 2. Release Date: 2001.1.12 3. Affected Application: UltraBoard 2000 Personal Edition Version 2.11 http://www.ub2k.com/downloads/UB211PEB1.zip 4. Author: [email protected] 5. Type: Configuration Error 6. Explanation In defau...
Очередные дырки в CGI
Некорректные файловые разрешения...
IIS 5.0 allows viewing files using %3F+.htr
Georgi Guninski security advisory 33, 2001 IIS 5.0 allows viewing files using 3F+.htr Systems affected: IIS 5.0 patched against the file fragment reading vulnerability Risk: Medium Date: 8 January 2001 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may distribute it...
CVE-2000-1176
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. dot dot attack in the "catsearch" form field...
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...
CVE-2000-1186
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header...