Original imTRBBS(ver1.02) and prior remote command execution
Original imTRBBSver1.02 and prior remote command execution Developed by: cgi-club http://http://www.cgi-club.com Script Name:imTRSET ver1.02 and prior An attacker may exploit this vulnerability to execute commands on the remote host by adding special parameters to imtrbbs.cgi script. Proof Of...
CGI-Club imTRBBS 1.0 - Remote Command Execution
CGI-Club imTRBBS 1.0 - Remote Command Execution source: https://www.securityfocus.com/bid/14091/info imTRBBS is affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'imtrbbs.cgi' script that will ...
CGI-Club imTRBBS 1.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/14091/info imTRBBS is affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'imtrbbs.cgi' script that will be executed in the context of the Web server...
webadmin.php show Parameter Arbitrary File Access
webadmin.php was found on your web server. In its current configuration, this file manager CGI gives access to the whole filesystem of the machine to anybody. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) script_id(18586);...
CVE-2002-1986
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot "."...
CVE-2002-1850
The CVE-2002-1850 issue affects Apache’s mod_cgi in versions 2.0.39 and 2.0.40. A CGI script that writes a large amount of data to stderr can trigger a read/write deadlock between httpd and the CGI script, allowing local users and possibly remote attackers to cause a denial of service (hang and m...
CVE-2002-1986
Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...
CVE-2002-1854
Technical details about CVE-2002-1854 are not publicly available in the provided connected documents. The record repeats the domain-name shell metacharacter vulnerability in whois.cgi, but no product/vendor/version or fix is disclosed here. Monitor for updates.
CVE-2002-1854
Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field...
CVE-2002-1938
The vulnerability affects Virgil CGI Scanner 0.9 and allows remote command execution via the tar (TARGET) or zielport (ZIELPORT) parameters. Root cause: improper handling of these inputs enables arbitrary commands to run on the affected host. Connected sources (NVD, Red Hat, CVE lists) confirm th...
CVE-2002-1938
Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters...
CVE-2002-1850
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...
WebCalendar Detection
This script detects whether the remote host is running WebCalendar and extracts version numbers and locations of any instances found. WebCalendar is an open source web calendar application written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) script_id(18572);...
K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution
The remote host is running K-COLLECT csv-database, a web application written in Perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'csv_db.cgi' script before using it to run a shell command. An unauthenticated attacker can exploit this issue to execute...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
Cacti Local File Inclusion Vulnerability
The Cacti application running on the remote web server is affected by a local file inclusion vulnerability due to improperly validating user-supplied input to the 'configincludepath' parameter in 'configsettings.php'. A remote attacker can exploit this to execute arbitrary PHP code. %NASLMINLEVEL...
CVE-2002-1751
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...
CVE-2002-1753
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...
CVE-2000-1225
CVE-2000-1225 affects Xitami 2.5b where the installer places testcgi.exe by default in the cgi-bin. Accessing this program can disclose sensitive web server configuration information to remote attackers. The accompanying metrics indicate a network-exposed, low-complexity vector with partial confi...
CVE-2002-1680
CVE-2002-1680 concerns CGI Online Worldweb Shopping 1.1 (COWS). The vulnerability is a Cross-site Scripting (XSS) flaw in the server-side scripts, allowing remote attackers to execute arbitrary script as other users by injecting code into diagnose.cgi or compatible.cgi. The description identifies...