9774 matches found
CVE-2000-1110
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...
Informix webdriver CGI Unauthenticated Database Access
The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
Source: https://www.securityfocus.com/bid/2177/info. bbs_forum.cgi is a popular Perl CGI script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbs_forum.cgi fails to properly...
More holes in CGI
No description provided...
Technote main.cgi filename Parameter Traversal Arbitrary File Access
The technote CGI board is installed. This board has a well known security flaw in the CGI main.cgi that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody)...
DCForum dcboard.cgi Multiple Vulnerabilities
The DCForum dcboard.cgi script is installed. This CGI has some well known security flaws, including one that lets an attacker execute arbitrary commands with the privileges of the web server...
Hole in the Ikonboard CGI
Classic Perl CGI mistakes...
More holes in CGI
No description provided...
Input validation error in quikstore.cgi allows attackers to execute commands
Overview: The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description: The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...
CVE-2000-1110
CVE-2000-1110 affects the IBM Net.Data db2www package: the document.d2w CGI program can be probed to reveal the web server’s physical path when a nonexistent command is sent. This is a path disclosure weakness, with partial impact on confidentiality reported (base score 5.0, MITRE ATT&CK not spec...
CVE-2000-0923
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...
CVE-2000-1186
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header...
CVE-2000-0924
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter...
CVE-2000-1092
CVE-2000-1092 affects EZshopper v3.0 and v2.0 where loadpage.cgi fails to properly validate the parameter; inserting a leading “/” can cause local file listing and reading of EZshopper data files. The root cause is insufficient input validation allowing directory traversal-like behavior, enablin...
CVE-2000-0952
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2000-1092
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter...
CVE-2000-0977
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter...
EUVD-2000-1171
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header...
CVE-2000-1176
CVE-2000-1176 describes a directory-traversal vulnerability in YaBB’s search.pl CGI script, permitting remote attackers to read arbitrary files by abusing a .. (dot dot) input in the catsearch form field. The issue is documented for YaBB SE configurations, including references to older plugins th...
CVE-2000-0944
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...