HP OpenView Network Node Manager 6.10 - SNMP Denial of Service

source: https://www.securityfocus.com/bid/1713/info The OverView5 CGI interface by default is shipped with HP Openview Node Manager. HP Openview Node Manager can be compromised due to an unchecked buffer. By sending a specially crafted GET request comprised of 136 bytes to the web services defaul...

Unixware 7.0 - SCOhelp HTTP Server Format String

source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose has a vulnerability that could all...

CVE-2000-0690

Auction Weaver CGI script 1.02 and earlier is affected by a remote command execution vulnerability: an attacker can inject shell metacharacters into the fromfile parameter to execute arbitrary commands. According to the PacketStorm entry, a patch exists (Auction Weaver 1.05). The NVD entry confir...

CVE-2000-0690

Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter...

CVE-2000-0696

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier is affected by a traversal flaw that lets remote attackers read arbitrary files through a .. attack in the fromfile parameter. Affected product: Auction Weaver LITE (1.0–1.04) per historical advisories; impact is remote file disclosure. Patch available: ...

CVE-2000-0687

CVE-2000-0687 affects Auction Weaver CGI script LITE (1.0–1.04). A directory traversal flaw in the catdir parameter allows remote attackers to read arbitrary files. The vulnerability is remotely exploitable and was reported for UNIX and Windows NT platforms. The issue arises in versions 1.0 throu...

CVE-2000-0686

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the fromfile parameter...

CVE-2000-0696

The CVE-2000-0696 entry concerns the dwhttpd web server’s administration interface in Solaris AnswerBook2 . The vulnerability arises because the admin interface does not properly authenticate requests to its supporting CGI scripts, enabling a remote attacker to add user accounts by directly invok...

Sambar Server search CGI vulnerability

Vulnerable: Sambar Server 4.4 Beta 3 Systems : WinNT, Win95 OSR2, possibly Linux affected Product : http://www.sambar.com Discovery : [email protected] Discussion ----------- The Sambar Server comes with a non-caching HTTP proxy server and basic SMTP, POP3, and IMAP4 proxy servers compiled in...

MultiHTML multihtml.pl Traversal Arbitrary File Access

The 'multihtml.pl' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files on the remote host through the 'multi' parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

sambar-http.txt

Sambar Server search CGI vulnerability + Advisory by dethy www.synnergy.net |==============================================| Advisory 13 Vulnerable: Sambar Server 4.4 Beta 3 Systems : WinNT, Win95 OSR2, possibly Linux affected Product : http://www.sambar.com Discovery : [email protected]...

YaBB YaBB.pl num Parameter Traversal Arbitrary File Access

The 'YaBB.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Дырка в SiteMinder

С помощью специально сконструированной URL можно получить доступ к закрытым документам, кроме того, можно получить исходные тексты CGI-приложений...

Unsafe passing of variables to mailform.pl in MailForm V2.0

Title: Unsafe passing of variables to mailform.pl in MailForm V2.0 For Unix or NT Advisory Author: Karl Hanmore [email protected] Script URL: http://rlaj.com/scripts/mailform Script Author: Ranson Johnson Advisory Released: 11 September 2000 Vendor notified: [email protected] 05 Sept...

Matt Kruse calendar_admin.pl Shell Metacharacter Arbitrary Command Execution

The 'calendaradmin.pl' CGI is installed. This CGI has a well known security flaw that allows a remote attacker to execute commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

Дырки в DocumentDirect

Многочисленные переполнения буфера в CGI...

Проблемы с установкой Apache в SuSE Linux

Ошибка в файле конфигурации стандартной установки позволяет получать исходные тексты CGI-приложений. Кроме того, компонент WebDAV позволяет получать список файлов в директории...

ISSalert: Internet Security Systems Security Advisory: Buffer Overflow in IBM Net.Data db2www CGI program

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security...

@stake Advisory: SuSE Apache CGI Source Code Viewing (A090700-2)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com www.cerberus-infosec.co.uk Security Advisory Release Date: 09/07/2000 Application: Apache 1.3.9/12 Platform: SuSE Linux 6.3 and 6.4 Severity: An attacker can gain access to source code of CGI scripts. As such they may be...