9786 matches found
Carello.dll <= 1.3 Command Execution Vulnerability
Carello.dll was found on the remote web server. SPDX-FileCopyrightText: 2003 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DCShop exposes sensitive files
We detected a vulnerable version of the DCShop CGI. This version does not properly protect user and credit card information. It is possible to access files that contain administrative passwords, current and pending transactions and credit card information along with name, address, etc...
Remote Code Execution in Knowledge Builder
KnowledgeBuilder is a feature-packed knowledge base solution CGI suite. A vulnerability in this product may allow a remote attacker to execute arbitrary commands on this host. SPDX-FileCopyrightText: 2003 Noam Rathaus...
DBMan CGI server information leakage
It is possible to cause the DBMan CGI to reveal sensitive information, by requesting a URL such as: GET /scripts/dbman/db.cgi?db=no-db SPDX-FileCopyrightText: 2000 SecuriTeam...
vpasswd.cgi
The SPDX-FileCopyrightText: 2002 Michel Arboi SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.11165");...
guestbook.pl
The SPDX-FileCopyrightText: 1999 Mathieu Perrin SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.10099");...
Invision Power Board Calendar SQL Injection Vulnerability
The remote host is running Invision Power Board - a CGI suite designed to set up a bulletin board system on the remote web server. A vulnerability has been discovered in the sources/calendar.php file that allows unauthorized users to inject SQL commands. SPDX-FileCopyrightText: 2003 Noam Rathaus...
Whatsup Gold vulnerable CGI
The SPDX-FileCopyrightText: 2004 Michel Arboi SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.15564");...
CVSTrac cgi.c multiple overflows
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains multiple flaws in the mprintf, vmprintf, and vxprintf functions in cgi.c. A remote attacker, exploiting this flaw, would be able to execute arbitrary code on the remote system...
FAQManager Arbitrary File Reading Vulnerability
FAQManager is a Perl-based CGI for maintaining a list of Frequently asked Questions. Due to poor input validation it is possible to use this CGI to view arbitrary files on the web server. For example: someserver.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 SPDX-FileCopyrightText: 2002 Matt Moore...
PGPMail.pl detection
The SPDX-FileCopyrightText: 2002 Michel Arboi SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.11070");...
webadmin.php LFI Vulnerability - Active Check
webadmin.php is prone to a local file inclusion (LFI) vulnerability. SPDX-FileCopyrightText: 2005 Michel Arboi SPDX-License-Identifier: GPL-2.0-only if(description)...
sglMerchant Information Disclosure Vulnerability
A CGI viewitem that is a part of sglMerchant is installed. This CGI suffers from a security vulnerability that makes it possible to escape the bounding HTML root directory and read arbitrary system files. SPDX-FileCopyrightText: 2001 Noam Rathaus SPDX-FileCopyrightText: 2001 SecuriTeam...
'printenv' CGI Information Disclosure Vulnerability
The SPDX-FileCopyrightText: 2000 Hendrik Scholz SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.10188");...
bizdb1-search.cgi located
One of the BizDB scripts, bizdb-search.cgi, passes a variable SPDX-FileCopyrightText: 2000 Roelof Temmingh SPDX-License-Identifier: GPL-2.0-only if(description)...
counter.exe vulnerability
The CGI SPDX-FileCopyrightText: 2003 John Lampe SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.11725");...
Agora CGI Cross Site Scripting
The remote web server contains a CGI which is vulnerable to a cross-site scripting issue. Description : Agora is a CGI based e-commerce package. Due to poor input validation, Agora allows an attacker to execute cross-site scripting attacks. SPDX-FileCopyrightText: 2002 Matt Moore...
ddicgi.exe vulnerability
The file ddicgi.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit. SPDX-FileCopyrightText: 2003 John Lampe SPDX-License-Identifier:...
Apache HTTP Server <= 1.3.33 htpasswd Local Overflow Vulnerability
The remote host appears to be running Apache HTTP Server 1.3.33 or older. There is a local buffer overflow in the SPDX-FileCopyrightText: 2004 David Maciejak...
Shopping Cart Arbitrary Command Execution (Hassan)
We detected the presence of the Shopping Cart CGI Hassan. A security problem in this CGI allows execution of arbitrary commands. SPDX-FileCopyrightText: 2001 SecuriTeam...