9774 matches found
PT-1999-1819 · Webwho+ · Webwho+
Name of the Vulnerable Software and Affected Versions: WebWho+ versions affected versions not specified Description: The issue allows remote attackers to execute commands via shell metacharacters in the TLD parameter of the whois.cgi program. Recommendations: At the moment, there is no informatio...
CVE-2000-0022
Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory...
IBM Lotus Domino HTTP Server Filesystem Setup Disclosure
It is possible to get the absolute path leading to the remote /cgi-bin directory by requesting a bogus cgi. This issue can be used to obtain OS and installation details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
CVE-1999-0935
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form...
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker to execute arbitrary commands with the privileges of the HTTP daemon usually root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details...
hhp-whois_adv0013.txt
hhp Whois.CGI - ADVISORY. hhp hhp-ADV12 11/9/99 8:42:57pm CST By: loophole [email protected] - http://hhp.perlx.com What?: Hole in several known/unknown Whois CGI packages. Versions?: 1. Whois Internic Lookup - version: 1.0 2. CC Whois - Version: 1.0 3. Matt's Whois - Version: 1 Exploit!: These...
iis4.path.txt
Hello, There is another one way to retrieve a full path to local files in IIS4: If there is external CGI application configured for some file type and this application doesn't produce correct HTTP headers IIS generates an error with output of application both stdout and stderror. The problem is,...
Matthew Wright FormMail CGI (formmail.cgi) Arbitrary Mail Relay
The 'formmail.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details Changes by Tenable: -...
Matt Wright guestbook.pl Arbitrary Command Execution
The 'guestbook.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details Changes by Tenable: ...
WWWBoard passwd.txt Authentication Credential Disclosure
The remote host is running WWWBoard, a bulletin board system written by Matt Wright. This board system comes with a password file passwd.txt installed next to the file 'wwwboard.html'. An attacker may obtain the contents of this file and decode the password to modify the remote www board...
Antelope Software W4-Server 2.6 a/Win32 - 'Cgitest.exe' Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/802/info Certain versions of the W4-Server 32-bits personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform bounds checking on user supplied data and is vulnerable to a buffer overflow...
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
The 'bigconf' CGI is installed. This CGI has a well-known security flaw that allows an attacker to execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
cobalt.cgiwrap.txt
There is a problem actually several with the "cgiwrap" program on Cobalt RaQ2 servers. It is supposed to run CGI programs as the proper user instead of "nobody" to make CGIs a little more secure. The Cobalt directory structure is as follows: /home/sites/site1/ - top level directory of the site...
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Matt Wright...
Alibaba tst.bat Arbitrary Command Execution
The 'tst.bat' CGI script is installed on this machine. This CGI has a well known security flaw that would allow an attacker to read arbitrary files on the remote system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
Alibaba get32.exe Arbitrary Command Execution
The 'get32.exe' CGI script is installed on this machine. This CGI has a well known security flaw that allows an attacker to execute arbitrary commands on the remote system with the privileges of the HTTP daemon typically root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities // source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files...
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities
// source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files outside of normal or safe webserver practice. This results in various...
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...