9774 matches found
CVE-1999-0264
The CVE-1999-0264 issue concerns the Miva/htmlscript CGI program. A flaw in the htmlscript CGI allows remote read access to arbitrary files via the CGI, effectively exposing files to unauthenticated remote users. The vulnerability is tied to the htmlscript CGI in /cgi-bin (as described by multipl...
CVE-1999-0262
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string...
CVE-1999-0173
CVE-1999-0173 relates to the FormMail CGI program, with multiple sources confirming that it can be used by web servers other than the host where it resides. The connected documentation identifies the affected component as FormMail CGI, but does not provide a detailed root cause or a confirmed fix...
CVE-1999-0346
CGI PHP mlog script allows an attacker to read any file on the target server...
CVE-1999-0266
The CVE-1999-0266 issue affects the info2www CGI script, which can allow remote file access or remote command execution. The vulnerability arises from insufficient input filtering of shell meta-characters in early info2www versions, enabling an attacker to run arbitrary commands with the web serv...
CVE-1999-0266
The info2www CGI script allows remote file access or remote command execution...
CVE-1999-0039
webdist CGI program webdist.cgi in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter...
CVE-1999-0058
Buffer overflow in PHP cgi program, php.cgi allows shell access...
CVE-1999-0172
The CVE-1999-0172 entry corresponds to the FormMail CGI (formmail.pl) vulnerability. Public docs describe a well-known security flaw in the FormMail CGI that lets remote attackers execute arbitrary commands on the server with the privileges of the HTTP daemon (often root or nobody). Affected comp...
CVE-1999-0173
FormMail CGI program can be used by web servers other than the host server that the program resides on...
CVE-1999-0146
The CVE-1999-0146 entry refers to the campas CGI program shipped with some NCSA httpd servers. The root cause is improper sanitization of user input in the campas CGI, enabling an attacker to execute arbitrary commands via encoded carriage return characters in the query string, demonstrated by re...
CVE-1999-0191
CVE-1999-0191 affects Microsoft IIS via the CGI newdsn.exe script. The vulnerability exists in the /scripts/tools/newdsn.exe CGI, which allows remote attackers to create or overwrite files on the server if NTFS permissions permit, enabling arbitrary file creation and potential DSN overwrites. The...
CVE-1999-0045
CVE-1999-0045 concerns an information-disclosure flaw in the nph-test-cgi script used by some web servers, where an unauthenticated attacker can list directory contents. The Nessus plugin (NCSA HTTPd nph-test-cgi Arbitrary Directory Listing) explains that the issue arises because the script does...
CVE-1999-0066
AnyForm CGI remote execution...
CVE-1999-0236
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...
CVE-1999-0045
List of arbitrary files on Web host via nph-test-cgi script...
CVE-1999-0067
CVE-1999-0067 affects the phf CGI program that is included with NCSA httpd-derived web servers. The vulnerability allows remote command execution by supplying shell metacharacters in input processed by the phf CGI script, due to inadequate input sanitization. The issue can execute commands with t...
CVE-1999-0149
CVE-1999-0149 affects the IRIX “wrap” CGI program. The vulnerability allows remote attackers to perform a directory-listing traversal via a .. (dot dot) attack, exposing arbitrary directories. Multiple sources (Red Hat advisory, CVE records, NVD, Nessus plugin) corroborate that the issue stems fr...
CVE-1999-0021
CVE-1999-0021 affects Count.cgi (wwwcount) CGI-bin; remote buffer overflow in handling QUERY_STRING enables arbitrary command execution. Impact is Web server context with the program’s privileges. Affected version(s) include Count.cgi 2.3; remediation per sources is to upgrade to version 2.4 or l...