9774 matches found
Apache on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
The directory /cgi-bin-sdb is an Alias of /cgi-bin - most SuSE systems are configured that way. This setting allows an attacker to obtain the source code of the installed CGI scripts on this host. This is dangerous as it gives an attacker valuable information about the setup of this host, or...
News Publisher CGI Vulnerability
Product: News Publisher Versions: Tested v1.05, 1.05a, 1.05b and 1.06 newest OS: Unix and Winnt Vendor: Notified Web Site: www.gwscripts.com The Problem, yet again CGI authors use nested IF statements to decide what action to take upon and incoming request. This time the problem allows ppl to add...
Дырка в News Publisher CGI
Из-за недостаточной проверки ввода пользователя есть возможность добавлять пользователей...
Дырка в Stalker CGI Mail
Макро $File$ и $Attach$ позволяют прикрепить к письму любой файл...
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution
source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable...
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system...
Simple Web Counter swc ctr Parameter Remote Overflow
The CGI 'swc' Simple Web Counter is present and vulnerable to a buffer overflow when issued a too long value to the 'ctr=' argument. An attacker may use this flaw to gain a shell on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script audit and contributions from Carmichael...
Account Manager CGI Vulnerability
Product: Account Manager Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password...
htgrep hdr Parameter Arbitrary File access
The 'htgrep' cgi is installed. This CGI has a well known security flaw that lets anyone read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration 1 source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full...
CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (2)
CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration 2 source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a...
CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (1)
CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration 1 source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a...
CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (1)
source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:...
CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)
source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:...
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)
source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing...
form-totaller.txt
Content-Type: Remote Root via vulnerible CGI software Date : 13/08/2000 Sender : s1gnal9 Subject : form-totaller Vulnerible CGI X-System : UNIX/NT systems running the form-totaller CGI software X-Status : s1gnal9-ADVISORY-form-totaller.txt X-Greets : Narr0w, f0bic, VetesGirl PRODUCT NAME:...
everythingform.txt
Content-Type: Remote Root via vulnerible CGI software Date : 13/08/2000 Sender : s1gnal9 Subject : everythingform.cgi Vulnerible CGI X-System : UNIX/NT systems running the everythingform.cgi CGI software X-Status : s1gnal9-ADVISORY-everythingform.txt X-Greets : Narr0w, f0bic, VetesGirl PRODUCT...
wais.pl.advisory.txt
Wais.pl parameter passing security problem + Another fine advisory by Scrippie |============================================| Cheers to: zsh, Synnergy, phreak.nl | Lots of Love to: Maja, Hester | --- The CGI --- The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS...
Переполнение буфера в Statistics Server
Переполнение буфера в одном из CGI-компонентов позволяет выполнение кода с привилегией сервера...
Security Bulletin (MS00-057)
Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...