9774 matches found
CVE-2000-0696
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...
CVE-2000-0686
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter...
IIS HACKING
Hi Folks, I have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server. Any comment, suggestion or insult...? Welcome. MAB - SECURING IIS by BREAKING ===================================================== by Mount Ararat Blossom 9/15/2000...
auction.weaver.txt
File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 -------------------------------------------------------------- Title: File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 Author: Steve Christey Date Published: October 16, 2000 Product Name: Auction Weaver...
CVE-2000-0832
Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter...
CVE-2000-0832
CVE-2000-0832 affects the htgrep CGI script. The issue is an information-disclosure vulnerability: remote attackers can read arbitrary files by supplying a full pathname in the hdr parameter via the web server, exposing sensitive data. The vulnerability is exploitable over the network through the htg...
web_store-cgi.txt
Exploit: http://example.com/cgi-bin/Webstore/webstore.cgi?page=../../../../../../../../etc/passwd%00.html...
CVE-2000-0627
BlackBoard CourseInfo 4.0 is affected by an authentication flaw that allows local users to modify CourseInfo database information and gain privileges by directly calling supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. The provided documents do not include remediati...
CVE-2000-0521
Savant web server vulnerability CVE-2000-0521 allows remote disclosure of CGI source by requesting the original CGI form. The OpenVAS NASL description: “Savant original form CGI access” states that attackers can download the unprocessed CGI, exposing sensitive information stored inside those scri...
CVE-2000-0588
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands...
CVE-2000-0511
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request...
CVE-2000-0639
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server...
CVE-2000-1204
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...
CVE-2000-0670
CVE-2000-0670 affects CVSWeb 1.80. The cvsweb CGI script allows remote attackers with write access to a CVS repository to execute arbitrary shell commands. This is a local-style attack vector with the attacker authenticated to the CVS repository, and the impact is arbitrary command execution in t...
CVE-2000-0511
CVE-2000-0511 concerns CUPS (Common Unix Printing System) 1.04 and earlier, where a remote attacker can cause a denial of service by sending a CGI POST request. The vulnerability affects the CUPS CGI handling path and is described as a remote DoS with no confidentiality or integrity impact, and p...
CVE-2000-0063
CVE-2000-0063 affects the Nortel Contivity HTTP server via the cgiproc CGI script, which allows remote attackers to read arbitrary files by passing a filename parameter. This points to an uncontrolled file access flaw in the CGI handler, enabling partial confidentiality impact. The available docu...
CVE-2000-0064
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters...
CVE-2000-0639
The issue affects Big Brother 1.4h2 and earlier; default configuration lacks proper access restrictions, enabling remote upload of a file via bbd that can be executed as a CGI script by the web server, allowing remote command execution. CVSS2 base impact is high (7.5). No remediation details are ...
CVE-2000-0282
The CVE-2000-0282 issue affects TalentSoft Web+ WebPlus CGI (webplus) used in the Web+ shopping cart. The vulnerability is a traversal flaw in the webplus CGI that allows remote attackers to read arbitrary files by using a .. (dot dot) path traversal in the CGI request (e.g., /cgi-bin/webplus?scr...
CVE-2000-0063
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...