9774 matches found

Cvelist
added 2000/06/02 4:0 a.m., 15 views

CVE-1999-0854

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file...

6.8 AI score, 0.00647 EPSS
Exploits: 0, References: 2

NVD
added 2000/05/29 4:0 a.m., 15 views

CVE-2000-0564

The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter...

5 CVSS, 6.6 AI score, 0.00634 EPSS
Exploits: 0, References: 1

Packet Storm
added 2000/05/26 12:0 a.m., 24 views

access.counter-4.0.7.txt

The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privilege as the web server. Of course, other exploits can be used to get root access on an unpatched OS. The counter...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2000/05/25 12:0 a.m., 101 views

Sambar Server /cgi-bin/mailit.pl Arbitrary Mail Relay

The Sambar web server is running and the 'mailit.pl' cgi is installed. This CGI takes a POST request from any host and sends a mail to a supplied address. %NASLMINLEVEL 70300 Copyright 2000 by Hendrik Scholz Changes by Tenable: - Revised plugin title 4/2/2009 - Updated to use compat.inc, added CV...

5.5 AI score
Exploits: 0

Tenable Nessus
added 2000/05/25 12:0 a.m., 31 views

Sambar Server /session/sendmail Arbitrary Mail Relay

The Sambar web server is running. It provides a web interface for sending emails. You may simply pass a POST request to /session/sendmail and by this send mails to anyone you want. Due to the fact that Sambar does not check HTTP referrers you do not need direct access to the server! %NASLMINLEVEL...

5.5 AI score
Exploits: 0

Packet Storm
added 2000/05/17 12:0 a.m., 47 views

Banner.rotating

-- Banner rotating 01 -- -- Description: "Banner rotating 01" is a cgi script distributed for free on several site builder sites, including Hot Area. The script is available on http://www.hotarea.net/web/scripts/banner01/ The cgi script offers numerous functions for those wishing to manage rotati...

7.4 AI score
Exploits: 0

securityvulns
added 2000/05/17 12:0 a.m., 279 views

Banner Rotation 01

-- Banner rotating 01 -- -- Description: "Banner rotating 01" is a cgi script distributed for free on several site builder sites, including Hot Area. The script is available on http://www.hotarea.net/web/scripts/banner01/ The cgi script offers numerous functions for those wishing to manage rotati...

6.7 AI score
Exploits: 0

securityvulns
added 2000/05/16 12:0 a.m., 37 views

Vulnerability in CGI counter 4.0.7 by George Burgyan

I've found no mention of this vulnerability in Bugtraq or in the CVE nor have I been able to contact the author, so I'm posting here to give everyone the opportunity to protect themselves. This vulnerability is being actively exploited and has been reported to CERT. The popular CGI web page acces...

0.3 AI score
Exploits: 0

NVD
added 2000/05/15 4:0 a.m., 10 views

CVE-2000-0424

The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters...

7.5 CVSS, 7.7 AI score, 0.05383 EPSS
Exploits: 0, References: 2

Exploit DB
added 2000/05/15 12:0 a.m., 25 views

George Burgyan CGI Counter 4.0.2/4.0.7 - Input Validation

source: https://www.securityfocus.com/bid/1202/info Due to unchecked code that handles user input in George Burgyan's CGI Counter, remote execution of arbitrary commands at the same privilege level as the web server it is running on is possible. Examples:...

7.4 AI score
Exploits: 0

NVD
added 2000/05/10 4:0 a.m., 18 views

CVE-2000-0411

Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the envreport parameter...

5 CVSS, 6.6 AI score, 0.04501 EPSS
Exploits: 0, References: 3

exploitpack
added 2000/05/10 12:0 a.m., 13 views

Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure

Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL th...

0.1 AI score
Exploits: 0

Tenable Nessus
added 2000/05/10 12:0 a.m., 13 views

CVSweb Detection

CVSweb is a web interface for a CVS repository. It allows users to browse through the history of the source code of a given project. If your environment contains sensitive source code, then access to this CGI should be password-protected. C Tenable Network Security, Inc. include"compat.inc";...

5.5 AI score
Exploits: 0

Exploit DB
added 2000/05/10 12:0 a.m., 21 views

Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure

source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is...

7.4 AI score
Exploits: 0

NVD
added 2000/05/05 4:0 a.m., 26 views

CVE-2000-0381

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter...

6.4 CVSS, 6.3 AI score, 0.07134 EPSS
Exploits: 0, References: 3

NVD
added 2000/05/05 4:0 a.m., 14 views

CVE-2000-0423

Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag...

5 CVSS, 7.9 AI score, 0.06472 EPSS
Exploits: 0, References: 2

Exploit DB
added 2000/05/05 12:0 a.m., 26 views

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage

source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user without any authorization. The parameters displayed include the...

7.4 AI score
Exploits: 0

exploitpack
added 2000/05/05 12:0 a.m., 11 views

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user withou...

7.3 AI score
Exploits: 0

NVD
added 2000/05/04 4:0 a.m., 11 views

CVE-2000-0422

Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter...

7.5 CVSS, 7.8 AI score, 0.01762 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2000/05/03 12:0 a.m., 29 views

spin_client.cgi Remote Overflow

There is a buffer overrun in the 'spin_client.cgi' CGI program, which will allow anyone to execute arbitrary commands with the same privileges as the web server root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Thanks to Tollef Fog Heen for his help include 'compat.inc' ;...

5.9 AI score
Exploits: 0