9774 matches found
Vulnerability in Poll_It cgi v2.0
This has already been sent to securityfocus.com and cgi-world.com. It is now listed at securityfocus.com at http://www.securityfocus.com/bid/1431. Original email that I sent is below: The CGI is available from: http://www.cgi-world.com/pollit.html The bug takes place when calling the CGI and...
CGI-World Poll It 2.0 - Internal Variable Override
CGI-World Poll It 2.0 - Internal Variable Override source: https://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote us...
CGI-World Poll It 2.0 - Internal Variable Override
source: https://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote user by specifying the new value as a variable in the...
CVE-2000-0588
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands...
NetWin dMailWeb Unrestricted Mail Relay
Product: NetWin dMailWeb Type: Unrestricted Mail Relay Severity: Moderate Versions: = 2.6g: Case A All, configuration error: Case B Note: NetWin cwMail also appears vulnerable to the same attacks, and appears to be using exactly the same version numbers. --- Overview dMailWeb is a CGI application...
CVE-2000-0511
CUPS Common Unix Printing System 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request...
CVE-2000-0422
CVE-2000-0422: Buffer overflow in the Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. Affected component: Netwin DMailWeb CGI. Impact: arbitrary command execution; no patch/mitigation details are provided in the supplied documents. E...
CVE-2000-0423
Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag...
CVE-2000-0423
The CVE-2000-0423 entry describes a vulnerability in Netwin DNEWSWEB CGI where a buffer overflow allows remote attackers to execute arbitrary commands by supplying long values for parameters such as group, cmd, and utag. Affected component is the DNEWSWEB CGI program; root cause is a buffer overf...
CVE-2000-0422
Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter...
CVE-2000-0473
Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory...
CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Application Name: WebBanner Random Banner Generator Application Authors: Eric Tachibana Selena Sol and Gunther Birznieks Version: 4.0 Last Modified: 17NOV98 Site: http://www.extropia.com Origin: Script design fault Consequence: User can view files as the user the server is running as Solution: See at t...
CVE-2000-0639
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server...
CVE-2000-0526
mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack...
Bug in Savant
On an incomplete GET request, the server returns the contents of the CGI application instead of its output...
mdma-5.savant.txt
MDMA Advisory 5 by Andrew Lewis aka. Wizdumb Reading of CGI Scripts under Savant Webserver It is possible to view the source of CGI scripts running under the Savant Webserver by omitting the HTTP version from your request. For example, we connect to port 80 of the server and type "GET...
MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
MDMA Advisory 5 by Andrew Lewis aka. Wizdumb Reading of CGI Scripts under Savant Webserver It is possible to view the source of CGI scripts running under the Savant Webserver by omitting the HTTP version from your request. For example, we connect to port 80 of the server and type "GET...
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure
source: https://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script. telnet target 80 GET /cgi-bin/script.xyz HTTP/1.0 GET /cgi-bin/script.xyz...
Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure
Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure source: https://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script. telnet target 80 GET /cgi-bin/script.xyz HTTP/1.0...