9786 matches found
Special characters for penetration invasion decrypt-vulnerability warning-the black bar safety net
AnalysisServerof the web application, likethe forum, chat rooms, and found their programming bugs or omissions, so for 8 0 port the penetration of the invasion, it seems just a hacker program Master of things. In fact, although we will not write programs, but the use of the special structure of t...
Lynx: Arbitrary command execution
Background Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators. Description iDefense labs discovered a problem within the feature to execute local cgi-bin programs via the "lynxcgi:" URI handler. D...
Acme thttpd < 2.24 CGI Test Script Symlink Arbitrary File Overwrite
Binary data 3282.prm...
ping.asp
The 'ping.asp' CGI is installed. Some versions allows a cracker to launch a ping flood against your machine or another by entering '127.0.0.1 -l 65000 -t' in the Address field. OpenVAS Vulnerability Test $Id: pingasp.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: ping.asp Authors: Michel...
bizdb1-search.cgi located
BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefore be made to execute commands at the privilege level of the webserver. The variable is dbname, and if passed a semicolon...
DBMan CGI server information leakage
It is possible to cause the DBMan CGI to reveal sensitive information, by requesting a URL such as: GET /scripts/dbman/db.cgi?db=no-db OpenVAS Vulnerability Test $Id: dbmancgi.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: DBMan CGI server information leakage Authors: Noam Rathaus Changes b...
Simple PHP Blog: Multiple XSS Vulnerabilities
=========================================================== Simple PHP Blog: Multiple XSS Vulnerabilities =========================================================== Technical University of Vienna Security Advisory TUVSA-0511-001, November 2, 2005...
PGPMail.pl detection
The 'PGPMail.pl' CGI is installed. Some versions up to v1.31 a least of this CGI do not properly filter user input before using it inside commands. This would allow a cracker to run any command on your server. Note: OpenVAS just checked the presence of this CGI but did not try to exploit the flaw...
Zeroboard flaws (2)
The remote web server contains several PHP scripts that are prone to arbitrary PHP code execution and file disclosure attacks. Description : The remote host runs Zeroboard, a web BBS application popular in Korea. The remote version of this CGI is vulnerable to multiple flaws which may allow an...
msmmask.exe
The msmmask.exe CGI is installed. Some versions allow an attacker to read the source of any file in your webserver's directories by using the 'mask' parameter. OpenVAS Vulnerability Test $Id: msmmask.nasl 5786 2017-03-30 10:08:58Z cfi $ Description: msmmask.exe Authors: Michel Arboi Copyright:...
BadBlue invalid null byte vulnerability
It was possible to read the content of /EXT.INI BadBlue configuration file by sending an invalid GET request. A cracker may exploit this vulnerability to steal the passwords. OpenVAS Vulnerability Test $Id: badbluenullbyte.nasl 7175 2017-09-18 11:55:15Z cfischer $ Description: BadBlue invalid nul...
Netware Perl CGI overflow
The remote web server crashes when it receives a too long URL for the Perl handler. It might be possible to make it execute arbitrary code through this flaw. See http://support.novell.com/servlet/tidfinder/2966549 OpenVAS Vulnerability Test $Id: netwareperloverflow.nasl 8023 2017-12-07 08:36:26Z...
CVSTrac history.c history_update function overflow
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the historyupdate function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system. OpenVAS has...
CVSTrac ticket title arbitrary command execution
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to ticket titles containing a semi-colon ';' that may allow an attacker to execute arbitrary commands on the system. OpenVAS has determined the vulnerability...
vpasswd.cgi
The 'vpasswd.cgi' CGI is installed. Some versions do not properly check for special characters and allow a cracker to execute any command on your system. Warning : OpenVAS solely relied on the presence of this CGI, it did not determine if you specific version is vulnerable to that problem OpenVAS...
Apache <= 1.3.33 htpasswd local overflow
The remote host appears to be running Apache 1.3.33 or older. There is a local buffer overflow in the 'htpasswd' command in these versions that may allow a local user to gain elevated privileges if 'htpasswd' is run setuid or a remote user to run arbitrary commands remotely if the script is...
formmail.pl
The 'formmail.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon root or nobody. OpenVAS Vulnerability Test $Id: formmailpl.nasl 6703 2017-07-12 13:57:25Z cfischer $ Description: formmail.pl Authors: Mathieu...
Easy Message Board Command Execution
The remote host is running Easy Message Board, a bulletin board system written in perl. The remote version of this script contains an input validation flaw which may be used by an attacker to perform a directory traversal attack or execute arbitrary commands on the remote host with the privileges...
alya.cgi
alya.cgi is a cgi backdoor distributed with multiple rootkits. OpenVAS Vulnerability Test $Id: alya.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: alya.cgi Authors: Jason Lidow Copyright: Copyright C 2002 Jason Lidow This program is free software; you can redistribute it and/or modify it...
Linksys Gozila CGI denial of service
The Linksys BEFSR41 EtherFast Cable/DSL Router crashes if somebody accesses the Gozila CGI without argument on the web administration interface. OpenVAS Vulnerability Test $Id: linksysgozilacgiDoS.nasl 6702 2017-07-12 13:49:41Z cfischer $ Description: Linksys Gozila CGI denial of service Authors:...