Caldera OpenLinux 2.3 - rpm_query CGI

Caldera OpenLinux 2.3 - rpmquery CGI source: https://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpmquery. Any user can run this CGI and obtain a listing of the packages, and...

Caldera OpenLinux 2.3 - rpm_query CGI

source: https://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpmquery. Any user can run this CGI and obtain a listing of the packages, and versions of packages, installed on this...

SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution

The remote web server is hosting the 'infosrch.cgi' script. The installed version of this script fails to properly sanitize user- supplied input to the 'fname' variable. An attacker, exploiting this flaw, could execute arbitrary commands on the remote host subject to the privileges of the web...

CVE-2000-0177

DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters...

htdig.txt

software: ht://Dig URL: http://www.htdig.org/ Version: 3.1.4, 3.2.0b1 and previous Platforms: Unix, Win32, MacOS, Mac OS X Server Type: CGI, Input validation problem Vendor status: Notified, patch already available Date: 02/28/2000 Summary: Any remote user can view arbitrary files on your system...

NetWin DNews 5.3 Server - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/1172/info DNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overlylong value for the "group...

FreeBSD-SA-00:06.htdig

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:06 Security Advisory FreeBSD, Inc. Topic: htdig port allows remote reading of files Category: ports Module: htdig Announced: 2000-03-01 Affects: Ports collection before...

CVE-2000-0187

EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...

CVE-2000-0188

EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...

sambar.bat.txt

PRODUCT ------- The Sambar Server is a multi-threaded HTTP, FTP and Proxy server for Windows NT and Windows 95. AFFECTED VERSIONS ----------------- All version of Sambar server running under Windows NT 4.0 and Windows 2000. Windows 98 version is vulnerable. VULNERABILITY DESCRIPTION...

Sambar Server 4.2 Beta 7 - Batch CGI

source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with...

Sambar Server 4.2 Beta 7 - Batch CGI

Sambar Server 4.2 Beta 7 - Batch CGI source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any vali...

CVE-2000-0213

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters...

Sambar Server Multiple Script Arbitrary Code Execution

At least one of these CGI scripts is installed : hello.bat echo.bat They allow any attacker to execute commands with the privileges of the web server process. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10246;...

rcgixploit.c.txt

/ DESIGNER: ZinCShC E-Mail: [email protected] DATE: Mon Feb 14 15:28:19 GMT+2 2000 @601 MADE ON: linux SLackWarE.- GREETINGS: Packo, BlackSouL.- COMPILE: gcc -o rcgix rcgixploit.c DESCRIPTION: Remote Cgi Exploit, looking For PHF ,PHP ,HANDLER ,UPTIME, FINGER and try to Collect Useful FILES such ...

ultimatebb.txt

Hello. Writing cgi scripts in perl is simple. It's also rather safe, providing authors follow very simple instructions. But they don't. Browsing some site, I found that their forums were based not on home- made scripts, but rather commercial software product. Hey, said I to myself, remember those...

Zeus Web Server Null Byte Request CGI Source Disclosure

The remote host is running the Zeus Web Server. Versions 3.1.x to 3.3.5 of this web server are vulnerable to a bug that allows an attacker to view the source code of CGI scripts. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

zeus.null.txt

This morning Zeus Technology Limited was informed of a serious security bug in the Zeus Webserver by 'The Relay Group' http://relaygroup.com. This document describes the scope of the problem and its solution. Versions affected ----------------- Zeus 3.1.x / 3.3.x Severity -------- High- this bug...

CVE-2000-0122

CVE-2000-0122 affects FrontPage Server Extensions. A remote attacker can determine the physical path of a virtual directory by issuing a GET to htimage.exe, leading to information disclosure about server layout. The provided records do not specify affected versions, exact vulnerable component det...

CVE-2000-0149

Zeus web server allows remote attackers to view the source code for CGI programs via a null character %00 at the end of a URL...