9774 matches found
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
CVE-2000-0677
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable...
CVE-2000-0670
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters...
CVE-2000-0627
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl...
Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source
A security problem for users of the mass virtual hosting module, mod_vhost_alias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...
Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a CGI application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that...
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
The remote web server is hosting eXtropia WebStore, a shopping cart application. The installed version allows an attacker to read arbitrary files via a '..' (dot dot) attack on the 'page' parameter. This script was written by Thomas Reinke. See the Nessus Scripts License for details...
Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access
The remote host is running Byte's Interactive Web Shopper, a shopping cart application. The installed version allows for retrieval of arbitrary files from the web server. This script was written by Thomas Reinke. See the Nessus Scripts License for details. Changes by...
Hole in thttpd (ssi CGI file retrieval)
By using an absolute path in the ssi CGI script, it is possible to access any readable file on the system...
thttpd ssi: retrieval of arbitrary world-readable files
thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description...
thttpd-219.txt
thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description The included cgi-bin...
thttpd ssi Servlet Encoded Traversal Arbitrary File Access
The version of thttpd running on the remote host comes with a CGI script, 'ssi', that fails to completely sanitize its PATH_TRANSLATED argument of encoded directory sequences. An unauthenticated, remote attacker can use this issue to read arbitrary files on the remote host, subject to the privileg...
Moreover CGI script - File Disclosure
source: https://www.securityfocus.com/bid/1762/info The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for...
Moreover CGI script - File Disclosure
source: https://www.securityfocus.com/bid/1762/info The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for display in the browser, fails to adequatel...
Hole in Nokia Voyager
Buffer overflow in one of the CGI utilities...
Web+ allows access to any local file
Using a reverse path through directories, any local file can be requested from the webplus CGI application...
TalentSoft Web+ Client/Monitor/server 4.6 - Internal IP Address Disclosure
source: https://www.securityfocus.com/bid/1720/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. A vulnerability exists in one of the CGI applications implemented by Web+...
TalentSoft Web+ Client/Monitor/server 4.6 - Internal IP Address Disclosure
source: https://www.securityfocus.com/bid/1720/info Talentsoft Web+ is a web application server that can be integrated with various web technologies. A vulnerability exists in one of the CGI applications implemented by Web+. It is possible for a remote user to retrieve the internal IP address in ...
Hole in HP Openview Network Node Manager
A buffer overflow can be triggered in a CGI script that requires authorized access...
Unixware 7.0 - SCOhelp HTTP Server Format String
source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an HTTP server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided fo...