
9786 matches found

seebug.org
added 2005/09/04 12:0 a.m. | 42 views

man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)

No description provided by source. / str0ke@server:$ ./test some.edu "w" /cgi-bin/man2web 80 1 /str0ke / / dl-mancgi.c v0.2 x86/linux multipie man2web cgi-scripts remote command spawn found and coded by tracewar darklogic team for educaional purposes only. greetz goes to: matan peretz, ofer shake...

7.1 AI score
Exploits: 0

0day.today
added 2005/09/04 12:0 a.m. | 397 views

man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)

Exploit for cgi platform in category web applications =================================================================== man2web include include include include void usagechar argv0 fprintfstderr, "x86/linux multipie man2web cgi-scripts remote command spawn\n"; fprintfstderr, "researched by...

7.1 AI score
Exploits: 0

exploitpack
added 2005/09/04 12:0 a.m. | 9 views

man2web 0.88 - Multiple Remote Command Executions (2)

man2web 0.88 - Multiple Remote Command Executions 2 / str0ke@server:$ ./test some.edu "w" /cgi-bin/man2web 80 1 /str0ke / / dl-mancgi.c v0.2 x86/linux multipie man2web cgi-scripts remote command spawn found and coded by tracewar darklogic team for educaional purposes only. greetz goes to: matan...

7.6 AI score
Exploits: 0

securityvulns
added 2005/09/03 12:0 a.m. | 20 views

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.7 AI score
Exploits: 0 | References: 21 | Affected Software: 15

Packet Storm
added 2005/09/01 12:0 a.m. | 24 views

greymatterXSS.txt

Graymatter - perl based web blog. offsite: http://www.greymatterforums.com/ GM analyze posting comments and if post contain some dangerous code like , administrator get message about it in log files. Log files contain not only message, but dangerous code. When admin try to look log files Admin...

7.4 AI score
Exploits: 0

Packet Storm
added 2005/08/31 12:0 a.m. | 17 views

cosmoshop81078.txt

author : l0om innate| @t | gmx.de WWW.EXCLUDED.ORG product: cosmoshop version: = 8.10.78 problem: 1. sql injection 2. cleartext passwords 3. view any file maunuf.: www.cosmoshop.de what is cosmoshop cosmoshop is a commercial shop system written as a CGI. where is the problem 1. sql injection...

7.4 AI score
Exploits: 0

securityvulns
added 2005/08/30 12:0 a.m. | 39 views

[cosmoshop <= 8.10.78] be the shopadmin in one step

author : l0om innate| @t | gmx.de WWW.EXCLUDED.ORG product: cosmoshop version: = 8.10.78 problem: 1. sql injection 2. cleartext passwords 3. view any file maunuf.: www.cosmoshop.de what is cosmoshop cosmoshop is a commercial shop system written as a CGI. where is the problem 1. sql injection...

1.4 AI score
Exploits: 0

Japan Vulnerability Notes
added 2005/08/29 12:0 a.m. | 13 views

JVN#42435855 FreeStyleWiki command injection vulnerability

Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution Products Affected FreeStyleWiki 3.5.8 and earlier...

8.1 AI score
Exploits: 0

securityvulns
added 2005/08/28 12:0 a.m. | 23 views

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.7 AI score
Exploits: 0 | References: 23 | Affected Software: 21

securityvulns
added 2005/08/26 12:0 a.m. | 26 views

Apache web server DoS

Wide HTTP request byterange parameters for CGI application leads to memory exhaustion...

1.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2005/08/26 12:0 a.m. | 35 views

[ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability

Gentoo Linux Security Advisory GLSA 200508-15 http://security.gentoo.org/ Severity:...

0.6 AI score
Exploits: 0

Gentoo Linux
added 2005/08/25 12:0 a.m. | 41 views

Apache 2.0: Denial of Service vulnerability

Background The Apache HTTP Server Project is a featureful, freely-available HTTP Web server. Description Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Impact A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap...

5 CVSS | 9 AI score | 0.10976 EPSS
Exploits: 0

Packet Storm
added 2005/08/14 12:0 a.m. | 34 views

pservBad.txt

Advisory: Pico Server pServ Remote Command Injection RedTeam found a remote command injection in Pico Server pServ which results in a remote attacker being able to issue arbitrary commands on the server. Details ======= Product: Pico Server pServ Affected Version: 3.2verified, From...

10 CVSS | 6.8 AI score | 0.12025 EPSS
Exploits: 2

Packet Storm
added 2005/08/14 12:0 a.m. | 28 views

rt-sa-2005-011.txt

Advisory: Pico Server pServ Information Disclosure Of CGI Sources RedTeam found an Information Disclosure vulnerability in Pico Server pServ which gives an attacker the ability to read all files from cgi-bin. Details ======= Product: Pico Server pServ Affected Version: 3.2verified, From...

7.5 CVSS | 6.8 AI score | 0.06934 EPSS
Exploits: 2

Tenable Nessus
added 2005/08/12 12:0 a.m. | 31 views

Gallery PostNuke Integration Access Validation Privilege Escalation

The remote host is running Gallery, a web-based photo album. According to its banner, the version of Gallery installed on the remote host is subject to an access validation issue when integrated with PostNuke, as is the case on the remote host. The issue means that any user with any level of admi...

4.6 CVSS | 5.5 AI score | 0.00379 EPSS
Exploits: 0 | References: 3

Packet Storm
added 2005/08/06 12:0 a.m. | 34 views

ultimateCGI.txt

The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook. The affected script is admin.cgi URL: http://www.yourdomain.com/yourcgidir/admin.cgi I have tested the script with the following query:...

7.4 AI score
Exploits: 0

securityvulns
added 2005/08/06 12:0 a.m. | 27 views

PHP, ASP, CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.7 AI score
Exploits: 0 | References: 26 | Affected Software: 23

CVE
added 2005/08/05 4:0 a.m. | 47 views

CVE-2002-2113

CVE-2002-2113 concerns AGH HTMLsearch 1.0. The vulnerability resides in the CGI script search.cgi, where the template parameter can be tainted to pass shell metacharacters. This enables a remote attacker to execute arbitrary commands on the affected system. The available documents consistently de...

7.5 CVSS | 8.1 AI score | 0.03528 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Japan Vulnerability Notes
added 2005/07/28 12:0 a.m. | 19 views

JVN#29273468 QRcode Perl CGI & PHP script vulnerable to denial of service attack

Impact A remote attacker may cause a denial of service (DoS) attack. Solution Products Affected QRcode Perl/CGI & PHP script ver. 0.50f and earlier including both Perl versions and PHP versions...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2005/07/27 12:0 a.m. | 1149 views

Advanced Guestbook User-Agent Header HTML Injection

The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to properly sanitize the 'HTTP_USER_AGENT' environment variable before using it in dynamically-generated content. An attacker can exploit this flaw to launch cross-site...

5.2 AI score
Exploits: 0 | References: 1