9774 matches found
solarisab2.txt
Date: Sun, 23 Aug 1998 21:02:30 -0700 From: Marc Slemko Subject: Solaris ab2 web server is junk For anyone who didn't figure out in the first two seconds after installing Solaris that running Sun's well, ok, it is some third party server but Sun is licensing it answerbook web server is silly, now...
activeperl.516.dos.txt
Date: Mon, 31 May 1999 07:16:53 -0700 From: Michael Smith To: [email protected] Subject: ActiveState Security Advisory Problem -------- PerlScript and Perl-ISAPI that come with ActivePerl 516 and earlier versions, inadequately check the length of path information sent to open. Due ...
cgichk.r
REBOL Title: "CGI Scanner" Author: "Epicurus" Date: 29-May-1999 File: %cgichk.r Purpose: To scan a domain for CGI scripts with known vulnerabilities. secure none print "CGI Scanner in Rebol v1.0" prin "Host: " remote: input scripts: %/cgi-bin/rwwwshell.pl %/cgi-bin/phf %/cgi-bin/Count.cgi...
anyboard.forum.passwd.txt
Date: Sat, 24 Apr 1999 03:55:39 +0200 From: "Bluefish @ home" To: [email protected] Subject: Anyboard www.netbula.com problem's publicly discussed in eurohack Draz Q published a short summary of problems with a webrelated software in eurohack. Basicly it sounds pretty much like a common CGI...
cgi-check.r
REBOL Title: "CGI Check" Date: 17-May-1999 Author: "loser" File: %cgi-check.r Email: [email protected] Purpose: Popular CGI scanner ported to REBOL. secure none print "CGI Scanner. Ported by loser." prin "Site to scan: " site: input a: exists? join http:// site "/cgi-bin/rwwwshell.pl " if a ==...
cgi-check99.2.r
REBOL Title: "CGI Check 99 v0.2" Date: 8-Jun-1999 Author: "deepquest" Comment: "extR4 shOut 2: loser, packetstorm, attrition, H4k, uha1, acpm, krisTof, mad55, siRYus, bl4St, nucleus, & Other H4k cR3Ws" File: %cgi-check99.r Email: [email protected] Purpose: Popular CGI scanner ported and...
valueclick-cgi.txt
Date: Sat, 19 Dec 1998 17:19:34 +0200 From: Philip Stoev Reply-To: Bugtraq List To: [email protected] Subject: ValueClick CGI Vulnerability The following text is in the "KOI8-R" character set. Your display is set for the "US-ASCII" character set. Some characters may be displayed incorrectly. T...
cgi-check99.r
REBOL Title: "CGI Check 99" Date: 27-May-1999 Author: "deepquest 98% by loser" Comment: "respect and source from loser" File: %cgi-check99.r Email: [email protected] Purpose: Popular CGI scanner ported and improved to REBOL. secure none print "CGI Scanner. Ported by loser improved by...
msie4.width.000.txt
Jim Paris http://home.jtan.com/jim/bugs/ie/width.html Internet Explorer 4.x "width=000..." bug Some versions of Microsoft Internet Explorer will crash when given a long "width=" or "height=" string in an image tag under the correct circumstances. In most cases, IE will stop parsing the "width="...
webcom.cgi.guestbook.txt
Date: Fri, 9 Apr 1999 20:41:39 +0100 From: Mnemonix To: [email protected] Subject: Webcom's CGI Guestbook for Win32 web servers I reported a while back on Webcom's www.webcom.se CGI Guestbook wguest.exe and rguest.exe having a number of security problems where any text based file o...
big.brother.1.09.b-c.txt
Date: Mon, 26 Apr 1999 06:49:59 -0400 From: Sean MacGuire To: [email protected] Subject: FW: Security Notice: Big Brother 1.09b/c http://www.maclawran.ca/bb/ for more info on Big Brother. -----FW: ----- Date: Mon, 26 Apr 1999 06:49:59 -0400 EDT From: Sean MacGuire To: [email protected] Subject:...
omnihttpd.webserver.txt
Date: Sat, 5 Jun 1999 09:53:51 +0300 From: Valentin Perelogin To: [email protected] Subject: Remote Exploit Bug in OmniHTTPd Web Server Hi all, The exploit bug will make temp files on the server until servers hdd is full. And anyone can do it remotely. By default visadmin.exe Visitor...
Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution
Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution source: https://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a...
Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution
source: https://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire. Via the web...
Oracle Webserver PL/SQL Stored Procedure GET Request DoS
It was possible to make the remote web server crash by supplying a too long argument to the cgi /ews-bin/fnord. An attacker may use this flaw to prevent your customers to access your website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...
CVE-1999-1378
dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files...
Web Server /cgi-bin Shell Access
The remote web server has one of these shells installed in /cgi-bin : ash, bash, csh, ksh, sh, tcsh, zsh Leaving executable shells in the cgi-bin directory of a web server may allow an attacker to execute arbitrary commands on the target machine with the privileges of the HTTP daemon. %NASLMINLEV...
Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities
The CGI script ppdscgi.exe, part of the PowerPlay Web Edition package, is installed. Due to design problems as well as some potential web server misconfiguration PowerPlay Web Edition may serve up data cubes in a non-secure manner. Execution of the PowerPlay CGI pulls cube data into files in an...
Multiple Vendor phf CGI Arbitrary Command Execution
The 'phf' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Xylogics Annex Terminal Service ping CGI Program DoS
It was possible to crash the remote Annex terminal by connecting to the HTTP port, and requesting the '/ping' CGI script with an argument that is too long. For example: http://www.example.com/ping?query=AAAAA...AAAAA %NASLMINLEVEL 70300 C Tenable Network Security, Inc...