ultrascripts ultraboard 1.6 - Directory Traversal

source: https://www.securityfocus.com/bid/1164/info UltraBoard 1.6 and possibly all 1.x versions is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the webserver has read access to. On Windows instalations, the file must reside on the same...

Buffer overflows in Skyline/SpinBox client

There are some buffer overflows in SpinBox/1.1 from the spinserver.conf. SpinBox is an SSI/cgi-tool used by advertisement companies, made by Skyline. Since this is closed source software, I can't post the sources. The buffer overflows are mostly in the query string strcat and strcpy instead of...

Cart32 3.0 - expdate Administrative Information Disclosure

Cart32 3.0 - expdate Administrative Information Disclosure source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, http: //target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging...

BizDB bizdb-search.cgi Arbitrary Command Execution

BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at the privilege level of the web server. The variable is dbname, and if passed a semicolo...

CVE-2000-0012

Affected component: w3-msql CGI in the miniSQL package. Root cause: a buffer overflow in the w3-msql CGI program. Impact: remote attackers could exploit this to execute commands and potentially gain a shell on the affected system. Exploitation status: described as a remote overflow vulnerability;...

CVE-2000-0192

The default installation of Caldera OpenLinux 2.3 includes the CGI program rpmquery, which allows remote attackers to determine what packages are installed on the system...

CVE-2000-0012

Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands...

CVE-2000-0192

The CVE-2000-0192 issue affects the default installation of Caldera OpenLinux 2.3 via the rpm_query CGI, which allows remote attackers to enumerate installed RPMs by accessing the CGI over the web server. This leads to information disclosure about installed services and versions (partial confiden...

CMD.EXE overflow (CISADV000420)

Cerberus Information Security Advisory CISADV000420 http://www.cerberus-infosec.co.uk/advisories.html Released : 20th April 2000 Name : CMD.EXE overflow Affected Systems : Windows NT/2000 Issue : See details Author : David Litchfield [email protected] Description The Cerberus Security Team...

Microsoft FrontPage htimage.exe CGI Remote Overflow

The htimage.exe CGI is installed on the remote web server. This CGI is vulnerable to a remote buffer overflow attack when it is given the request : /cgi-bin/htimage.exe/AAAA....AAA?0,0 A remote attacker could use this to crash the web server, or possibly execute arbitrary code. %NASLMINLEVEL 7030...

Infonautic's getdoc.cgi may allow unauthorized access to documents

Message-ID: [email protected] Date: Tue, 11 Apr 2000 16:23:49 -0700 From: Black Watch Labs [email protected] To: [email protected] Subject: Infonautic's getdoc.cgi may allow unauthorized access to documents Hello Elias, As mentioned in the Friday, April 7 ema...

CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution

CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution source: https://www.securityfocus.com/bid/1104/info BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefor...

CVE-2000-0287

The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter...

Windmail.exe Shell Metacharacter Arbitrary Command Execution

The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ...

TalentSoft Web+ webplus CGI Traversal Arbitrary File Access

The 'webplus' CGI allows an attacker to view any file on the target computer by requesting : GET /cgi-bin/webplus?script=/../../../../etc/passwd %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10367; scriptversion"1.33"; scriptcveid"CVE-2000-0282"...

CVE-2000-0208

The CVE-2000-0208 issue affects the htsearch CGI in the htdig/ht://Dig package. Affected component is the htsearch CGI; the root cause is that parameters to htsearch can be crafted with backticks to cause remote reading of arbitrary files, enabling information disclosure. Impact per sources is pa...

CVE-2000-0208

The htdig ht://Dig CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks in parameters to htsearch...

CVE-2000-0207

CVE-2000-0207 affects SGI InfoSearch Infosrch.cgi where the fname parameter fails to sanitize input, enabling remote arbitrary command execution via shell metacharacters. This is a remote web-server issue likely yielding command execution under the web server user. Nessus notes describe the flaw ...

AnalogX SimpleServer 1.03 Remote Crash

t P G tPG ADVISORY Author: Presto Title: AnalogX SimpleServer 1.03 Remote Crash Date: Mar.23.2k Description This problem is similar to the one USSRback.com reported on in Dec.1999 in reference to version 1.01. In that report, a 'GET' command with 1000 char buffer would cause a buffer overflow...

WebObjects DoS

Howdy, We've found a DoS in WebObjects apps with a possible remote exploit. So far we've found this problem in WebObjects 4.5 Developer running with the CGI-adapter and IIS 4.0 on NT 4.0 SP5. WO 4.5 Beta on Solaris 2.6 with Netscape Enterprise isn't vulnerable. Overview: If you send a large 4.1K...