CVE-1999-0287

Vulnerability in the Wguest CGI program...

CVE-2000-0122

Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program...

CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via 1 the printenv CGI printenv.pl, which does not encode its output, 2 pages generated by the apsenderrorresponse function such as a default 404, which does not...

CVE-1999-0753

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...

CVE-1999-0753

CVE-1999-0753 affects the Mini SQL package via the w3-msql CGI script. The issue allows remote attackers to view restricted directories through the CGI, exposing partial confidentiality (per CVSS: Network, Low attack complexity, No authentication, Partial confidentiality/Integrity/Availability). ...

CVE-2000-0063

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...

PlusMail plusmail CGI Arbitrary Command Execution

The 'plusmail' CGI is installed. Some versions of this CGI have a well known security flaw that lets an attacker read arbitrary file with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-2000-0074

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions...

AltaVista Intranet Search CGI query Traversal Arbitrary File Access

It is possible to read the content of any files on the remote host such as your configuration files or other sensitive data by using the Altavista Intranet Search service, and performing the request: %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Home Free search.cgi Traversal Arbitrary File Access

The remote web server contains a CGI script that fails to sanitize user input to the 'letter' parameter of the 'search.cgi' script of directory traversal sequences. An unauthenticated attacker can exploit this issue to read arbitrary files from the affected host, subject to the privileges under...

imonitor.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08 USSR Advisory Code: USSR-2000030 Release Date: January 05, 2000 Systems Affected: IMail IMONITOR PORT 8181 Server for WinNT Version 5.08 and maybe other versions. IMail Server...

CVE-2000-0056

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi...

CVE-1999-0947

AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...

CVE-1999-0935

classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form...

CVE-1999-0951

Vulnerability summary (CVE-1999-0951) : The OmniHTTPd CGI program imagemap.exe is affected by a remote buffer overflow in its /cgi-bin/imagemap.exe CGI. This can allow a remote attacker to execute arbitrary commands with the web server’s privileges (typically nobody or root). The issue is exploit...

CVE-1999-0947

AN-HTTPd server is affected by a remote command execution risk due to default CGI scripts test.bat, input.bat, input2.bat, and ssi/envout.bat that allow shell metacharacters. Exploitation would enable an attacker to run arbitrary commands on the remote host. The vulnerability details are drawn fr...

Mini SQL CGI content-length Field Remote Overflow

The mini-sql program comes with the w3-msql CGI which is vulnerable to a buffer overflow. An attacker may use it to gain a shell on this system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10296; scriptversion"1.40"; scriptcveid"CVE-2000-0012"...

CVE-1999-1462

Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files...

CVE-2000-0012

Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands...

Tony Greenwood WebWho+ 1.1 - Remote Command Execution

source: https://www.securityfocus.com/bid/892/info WebWho+ is a free cgi script written by Tony Greenwood for executing whois queries via the www. Though it does perform checks for shell escape characters on some parameters, it misses the 'type' variable and allows for malicious input to be sent ...