9786 matches found
ASP PortalApp Multiple SQL Injection
The remote host is running ASP PortalApp, a web application software written in ASP. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host. In addition, a path disclosure and...
CVE-2002-1635
The Apache configuration file httpd.conf in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin...
CVE-2002-1635
The CVE-2002-1635 entry concerns Oracle 9i Application Server (9iAS) where the Apache httpd.conf uses a Location alias for /perl instead of a ScriptAlias. This misconfiguration enables a remote attacker to read the source code of arbitrary CGI files via a URL that targets /perl rather than /cgi-b...
CVE-2002-1628
Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
HP-UX PHSS_28099 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)
s700_800 11.04 Virtualvault 4.6 OWS update : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. CERT VU#825353, CVE CAN-2002-0839 Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. CERT VU#240329, CVE...
HP-UX PHSS_28098 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)
s700_800 11.04 Virtualvault 4.5 OWS update : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. CERT VU#825353, CVE CAN-2002-0839 Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. CERT VU#240329, CVE...
HP-UX PHSS_28111 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)
s700_800 11.04 Virtualvault 4.5 IWS Update : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. CERT VU#825353, CVE CAN-2002-0839 Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. CERT VU#240329, CVE...
HP-UX PHSS_29542 : HPSBUX0310-285 SSRT3642 Potential Security Vulnerabilities Apache web server HP-UX VVOS and Webproxy.
s700_800 11.04 Virtualvault 4.6 IWS update : 1. Potential Apache web server crash when it goes into an infinite loop due to too many subsequent internal redirects and nested subrequests. VU#379828 2. No de-allocation of file descriptors while servicing CGI scripts through child processes...
CVE-2002-1592
The ap_log_rerror function in Apache 2.0 through 2.0.35, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...
CVE-2002-1592
CVE-2002-1592 affects Apache HTTP Server 2.0 through 2.0.35. When a CGI application encounters an error, ap_log_rerror may send error messages to the client that include the server’s full path, enabling information disclosure. The provided sources confirm the affected range and the leakage of int...
NewsScript newsscript.pl mode Parameter Privilege Escalation
The remote host is running a version of NewsScript.co.uk's NewsScript that allows a remote attacker to bypass authentication simply by setting the 'mode' parameter to 'admin', thereby allowing him to add, delete, or modify news stories and headlines at will. #%NASL_MIN_LEVEL 70300 (C) Tenable Network...
CVE-2005-0689
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter...
The Includer CGI <= 1.0 Remote Command Execution
No description provided by source. Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.: www.host-vulnerable.com/includer.cgi?template=|id| milw0rm.com 2005-03-07...
The Includer CGI 1.0 - Remote Command Execution (1)
The Includer CGI 1.0 - Remote Command Execution (1) Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.: www.host-vulnerable.com/includer.cgi?template=|id| milw0rm.com 2005-03-07...
The Includer CGI <= 1.0 Remote Command Execution
Exploit for cgi platform in category web applications. The Includer CGI <= 1.0 Remote Command Execution. Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.:...
The Includer CGI 1.0 - Remote Command Execution (1)
Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.: www.host-vulnerable.com/includer.cgi?template=|id| milw0rm.com 2005-03-07...
vBulletin Detection
The remote host is running vBulletin, a commercial web-based message forum application written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17282); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/10");...