AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
The remote web server is an AN-HTTPD server which contains default CGI scripts. At least one of these CGIs is installed on the remote server: cgi-bin/test.bat, cgi-bin/input.bat, cgi-bin/input2.bat, ssi/envout.bat. It is possible to misuse them to make the remote server execute arbitrary commands...
AN-HTTPd 1.2b - CGI s
source: https://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. http://www.xxx.yy/cgi-bin/input.bat?|dir....\windows...
CVE-1999-0854
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file...
CVE-1999-0951
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands...
OmniHTTPd imagemap.exe CGI Remote Overflow
The 'imagemap.exe' CGI is installed. This CGI is vulnerable to a buffer overflow that will allow a remote user to execute arbitrary commands with the privileges of your httpd server (either nobody or root).
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program "imagemap", which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to the program, a lack of bounds checking on a strcpy call...
CVE-1999-0237
The CVE-1999-0237 entry concerns the Guestbook CGI program, where the vulnerability enables remote execution of arbitrary commands. Multiple connected sources confirm this is tied to the Guestbook CGI, with OpenVAS noting that the flaw allows commands to be run with the web server’s privileges (t...
CVE-1999-0148
The IRIX environment is affected by CVE-1999-0148 due to the installed /cgi-bin/handler CGI, which has a well-known flaw that allows arbitrary command execution. The vulnerability can execute commands with the privileges of the HTTP daemon (root or nobody). Documents consistently describe it as r...
CVE-1999-0172
FormMail CGI program allows remote execution of commands...
CVE-1999-0174
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack...
CVE-1999-0260
The jj CGI program allows command execution via shell metacharacters...
CVE-1999-0070
test-cgi program allows an attacker to list files on the server...
CVE-1999-0346
The CVE-1999-0346 issue concerns PHP/FI environments with the mylog.html/mlog.html files vulnerable to arbitrary file read. Affected component: PHP/FI prior to 3.0 (mylog.html/mlog.html). Root cause: flaw in the mylog.html/mlog.html handling allows reading arbitrary files on the server. Impact: r...
CVE-1999-0068
The CVE-1999-0068 issue affects PHP/FI’s mylog.html/mlog.html handling, where an arbitrary file read vulnerability allows a remote attacker to read any file on the target server via CGI PHP mylog script. The OpenVAS entries corroborate PHP/FI as affected and suggest remediation by upgrading to ve...
CVE-1999-0264
htmlscript CGI program allows remote read access to files...
CVE-1999-0236
The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...
CVE-1999-0174
Consolidated: CVE-1999-0174 is a traversal flaw in the view_source CGI that allows remote attackers to read arbitrary files via a .. sequence. Affected component: the view_source CGI program; root cause: directory traversal; impact: partial confidentiality. No patch/version details are provided i...
EUVD-1999-0045
List of arbitrary files on Web host via nph-test-cgi script...