9786 matches found
CVE-2002-1741
CVE-2002-1741 describes a directory traversal vulnerability in WorldClient.cgi within WorldClient for Alt-N Technologies MDaemon
CVE-2002-1753
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) is affected by CVE-2002-1753, allowing remote attackers to execute arbitrary Perl code through the setup parameter, which is processed by Perl eval. The vulnerability affects csNewsPro.cgi and is triggered via the setup parameter, ena...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
ViRobot Linux Server addschup Multiple Overflows
The remote host is running ViRobot Linux Server, a commercial anti-virus product for Linux. According to its banner, the installed version of ViRobot Linux Server suffers from a remote buffer overflow vulnerability in its web-based management interface. By passing specially crafted data through...
CVE-2005-1953
Heap-based buffer overflow in the CGI extension for Pico Server pServ 3.3 allows remote attackers to execute arbitrary code via a long HTTP request...
ViRobot Advanced Server 2.0 - addschup Remote Cookie
ViRobot Advanced Server 2.0 - addschup Remote Cookie !/usr/bin/perl ViRobot 2.0 remote cookie exploit - ala addschup copyright Kevin Finisterre kflistsatdigitalmunitiondotcom jdam:/home/kfinisterre ls -al /var/spool/cron/root ls: /var/spool/cron/root: No such file or directory...
ViRobot Advanced Server 2.0 - 'addschup' Remote Cookie
!/usr/bin/perl ViRobot 2.0 remote cookie exploit - ala addschup copyright Kevin Finisterre kflistsatdigitalmunitiondotcom jdam:/home/kfinisterre ls -al /var/spool/cron/root ls: /var/spool/cron/root: No such file or directory jdam:/home/kfinisterre ls -al /var/spool/cron/root -rw-r--r-- 1 root sta...
Multiple vulnerabilities in Pico Server (pServ) v3.3
Multiple vulnerabilities in Pico Server pServ v3.3 discovered by Raphaël Rigo Product: Pico Server pServ Affected Version: 3.3 verified, <=3.3 probably too Not affected Version: 3.4 OS affected: all Risk: critical Remote Exploit: yes URL: http://pserv.sourceforge.net/ Overview: Pico Server ...
PT-2005-2892 · Silvercity · Silvercity
Name of the Vulnerable Software and Affected Versions: SilverCity versions prior to 0.9.5-r1 Description: The issue allows local users to execute arbitrary code due to the installation of certain files with read and write world permissions. The affected files include cgi-styler-form.py,...
Invision Board < 2.0.5 Privilege Escalation / SQL Injection
Binary data 2942.prm...
CVE-2004-2132
PJ CGI Neo’s PJreview_Neo.cgi is affected by a directory traversal vulnerability that allows reading arbitrary files via a .. in the p parameter. This could enable reading local files on the web server with the web user’s privileges. The issue is documented in CVE-2004-2132 and is reflected in Ne...
Listserv < 14.3-2005a Multiple Vulnerabilities
According to its version number, the Listserv web interface on the remote host suffers from several critical and as-yet unspecified vulnerabilities. An attacker may be able to exploit these flaws to execute arbitrary code on the affected system or allow remote denial of service.
BookReview 1.0 Multiple Script XSS
The remote host is running the BookReview software. The remote version of this software is vulnerable to multiple cross-site scripting attacks due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to use the remote server to perform an...
SqWebMail redirect Parameter CRLF Injected XSS
The remote host is running a version of SqWebMail that does not properly sanitize user-supplied input through the 'redirect' parameter. An attacker can exploit this flaw to inject arbitrary HTML and script code into a user's browser to be executed within the context of the affected website. Such...
CVE-2005-1680
CVE-2005-1680 affects D-Link DSL-502T/504T/562T/DSL-G604T. Exploitation of /cgi-bin/firmwarecfg allows remote attackers to bypass authentication either if the attacker’s IP already exists in /var/tmp/fw_ip or if the request is the first, which causes /var/tmp/fw_ip to be created and store the att...
[UNIX] WebApp Arbitrary Code Execution (apage.cgi, Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
WebAPP v0.9.9.2.1 Remote Command Execution Exploit (1st)
Exploit for cgi platform in category web applications. WebAPP v0.9.9.2.1 Remote Command Execution Exploit 1st !/usr/bin/perl Trap-Set UnderGrounD Hacking Team...
WebAPP 0.9.9.2.1 - Remote Command Execution (1)
WebAPP 0.9.9.2.1 - Remote Command Execution 1 !/usr/bin/perl Trap-Set UnderGrounD Hacking Team Remote C0mmand Executing Expl0it - For WebAPP CGI Exploit By : Alpha Programmer Sirus-v ; E-Mail : [email protected] [email protected] This xpl Open a...