9786 matches found

seebug.org
added 2005/05/20 12:0 a.m. | 33 views

WebAPP v0.9.9.2.1 Remote Command Execution Exploit (1st)

No description provided by source. !/usr/bin/perl T r a p - S e t U n d e r G r o u n D H a c k i n g T e a m Remote C0mmand Executing Expl0it - For WebAPP CGI Exploit By : A l p h a P r o g r a m m e r Sirus-v ; E-Mail : [email protected] [email protected] This xpl Open a Backdoor in...

7.1 AI score
Exploits 0

Exploit DB
added 2005/05/20 12:0 a.m. | 66 views

WebAPP 0.9.9.2.1 - Remote Command Execution (1)

!/usr/bin/perl T r a p - S e t U n d e r G r o u n D H a c k i n g T e a m Remote C0mmand Executing Expl0it - For WebAPP CGI Exploit By : A l p h a P r o g r a m m e r Sirus-v ; E-Mail : [email protected] [email protected] This xpl Open a Backdoor in 4444 Port with Nobody Access !!! All...

7.4 AI score
Exploits 0

CVE
added 2005/05/16 4:0 a.m. | 44 views

CVE-2005-1366

Pico Server (pServ) up to version 3.2 is affected by an information-disclosure flaw that lets remote attackers obtain the source code of CGI scripts. The vulnerability arises from a flawed CGI-bin path check: requesting URLs like somedir/../cgi-bin can cause the server to return the CGI source in...

7.5 CVSS | 6.8 AI score | 0.06934 EPSS
Exploits 2 | References 4 | Affected Software 1

NVD
added 2005/05/16 4:0 a.m. | 25 views

CVE-2005-1366

Pico Server pServ 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL...

7.5 CVSS | 6.8 AI score | 0.06934 EPSS
Exploits 2 | References 4

exploitpack
added 2005/05/16 12:0 a.m. | 12 views

pserv 3.2 - Directory Traversal

pserv 3.2 - Directory Traversal source: https://www.securityfocus.com/bid/13642/info pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the...

0.1 AI score
Exploits 0

securityvulns
added 2005/05/16 12:0 a.m. | 35 views

[Full-disclosure] Pico Server (pServ) Remote Command Injection

Advisory: Pico Server pServ Remote Command Injection RedTeam found a remote command injection in Pico Server pServ which results in a remote attacker being able to issue arbitrary commands on the server. Details ======= Product: Pico Server pServ Affected Version: 3.2verified, =3.2 probably too...

10 CVSS | 0.2 AI score | 0.12025 EPSS
Exploits 2

securityvulns
added 2005/05/16 12:0 a.m. | 38 views

[Full-disclosure] Pico Server (pServ) Information Disclosure Of CGI Sources

Advisory: Pico Server pServ Information Disclosure Of CGI Sources RedTeam found an Information Disclosure vulnerability in Pico Server pServ which gives an attacker the ability to read all files from cgi-bin. Details ======= Product: Pico Server pServ Affected Version: 3.2verified, =3.2 probably t...

7.5 CVSS | 6.4 AI score | 0.06934 EPSS
Exploits 2

Exploit DB
added 2005/05/16 12:0 a.m. | 32 views

PServ 3.2 - Source Code Disclosure

source: https://www.securityfocus.com/bid/13638/info pServ is affected by a remote source code disclosure vulnerability. When handling a specially-crafted URI request, the application discloses the source code of scripts in the 'cgi-bin' directory. Information gathered through this attack could b...

7 AI score
Exploits 0

Exploit DB
added 2005/05/16 12:0 a.m. | 32 views

pserv 3.2 - Directory Traversal

source: https://www.securityfocus.com/bid/13642/info pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the cgi-bin directory, it is possib...

7 AI score
Exploits 0

exploitpack
added 2005/05/11 12:0 a.m. | 13 views

Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (2)

Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow 2 // source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm...

0.5 AI score
Exploits 0

CVE
added 2005/05/10 4:0 a.m. | 38 views

CVE-2003-1137

CVE-2003-1137 affects sh-httpd versions 0.3 and 0.4. The issue allows remote attackers to read files or execute arbitrary CGI scripts via a GET request containing an asterisk (*) wildcard character, indicating improper handling of wildcards in input. The provided documents do not specify a fix or...

5 CVSS | 7.6 AI score | 0.06757 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2005/05/10 4:0 a.m. | 16 views

CVE-2003-1137

Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...

7.2 AI score | 0.06757 EPSS
Exploits 1 | References 4

exploitpack
added 2005/05/09 12:0 a.m. | 40 views

Easy Message Board - Remote Command Execution

Easy Message Board - Remote Command Execution source: https://www.securityfocus.com/bid/13555/info Easy Message Board is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input...

Exploits 0

securityvulns
added 2005/05/07 12:0 a.m. | 31 views

PHP, ASP, CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...

2.2 AI score
Exploits 0 | References 24 | Affected Software 19

Ubuntu
added 2005/05/06 6:4 p.m. | 47 views

USN-120-1: Apache 2 vulnerability

Luca Ercoli discovered that the "htdigest" program did not perform any bounds checking when it copied the "user" and "realm" arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the...

7.5 CVSS | 5.7 AI score | 0.29096 EPSS
Exploits 1

securityvulns
added 2005/05/06 12:0 a.m. | 29 views

MegaBook V2.0 - Cross Site Scripting Exploit

The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook. The affected script is admin.cgi URL: http://www.yourdomain.com/yourcgidir/admin.cgi I have tested the script with the following query:...

0.3 AI score
Exploits 0

securityvulns
added 2005/05/06 12:0 a.m. | 36 views

[EXPL] I-Mall Commerce i-mall.cgi Arbitrary Command Execution (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.5 AI score
Exploits 0

Tenable Nessus
added 2005/05/04 12:0 a.m. | 20 views

Invision Board Multiple XSS and SQL Injection

7.5 CVSS | 7.3 AI score | 0.1391 EPSS
Exploits 4 | References 4

securityvulns
added 2005/05/04 12:0 a.m. | 104 views

[Full-disclosure] NIC Chile CGI Script Zone Transfers

NIC Chile CGI Script Zone Transfers. Author: Rodrigo Gutierrez rodrigo at intellicomp.cl Affected: All ".cl" domains which use NIC's Chile Secondary NS. Vendor url: http://www.nic.cl Rate: Critical Background. NIC Chile is a part of the University of Chile and is in charge of handling all the...

7 AI score
Exploits 0

NVD
added 2005/05/02 4:0 a.m. | 30 views

CVE-2005-1344

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is...

7.5 CVSS | 9.8 AI score | 0.29096 EPSS
Exploits 1 | References 7