
9786 matches found

Exploit DB
added 2004/01/29 12:0 a.m., 27 views

PJ CGI Neo Review - Directory Traversal

source: https://www.securityfocus.com/bid/9524/info It has been reported that PJ CGI Neo Review may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory by using '../' character sequences...

7.4 AI score
Exploits: 0
securityvulns
added 2004/01/23 12:0 a.m., 34 views

freesco cross-site scripting

Cross-site scripting in example CGI application...

1.6 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2004/01/23 12:0 a.m., 30 views

CGI bugs

No description provided...

1.4 AI score
Exploits: 0, References: 6, Affected Software: 19
Exploit DB
added 2004/01/22 12:0 a.m., 34 views

Acme thttpd 1.9/2.0.x - CGI Test Script Cross-Site Scripting

source: https://www.securityfocus.com/bid/9474/info thttpd is prone to a cross-site scripting vulnerability in the CGI test script. This could permit a remote attacker to create a malicious link to the web server that includes hostile HTML and script code. If this link were followed, the hostile...

7.4 AI score
Exploits: 0
securityvulns
added 2004/01/20 12:0 a.m., 38 views

GoAhead script source leak

It's possible to obtain content of .asp or cgi-bin file by adding special characters to filename...

2.3 AI score
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2004/01/20 12:0 a.m., 32 views

Directories management bypassing in Goahead webserver <= 2.1.8

Luigi Auriemma Application: Goahead webserver http://www.goahead.com/webserver/webserver.htm Versions: <= 2.1.8 Platforms: multiplatform Bug: bypassing of special directories management with the effect of downloading cgi-bin files and more Risk: medium/high Exploitation: remote with browser Date: ...

7.7 AI score
Exploits: 0
securityvulns
added 2004/01/17 12:0 a.m., 51 views

CGI bugs

No description provided...

1.4 AI score
Exploits: 0, References: 8, Affected Software: 7
CVE
added 2004/01/15 5:0 a.m., 58 views

CVE-2003-0992

CVE-2003-0992 is a documented cross-site scripting vulnerability in Mailman’s create CGI script, exploitable to steal cookies of other users. Affected versions are Mailman 2.1.x before 2.1.3; the issue is fixed in later releases (e.g., patches included in 2.1.3 and newer). The linked OpenVAS/Ness...

4.3 CVSS, 5.7 AI score, 0.0126 EPSS
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2004/01/15 5:0 a.m., 74 views

CVE-2003-0965

CVE-2003-0965 is a cross-site scripting (XSS) vulnerability in the Mailman admin CGI script before 2.1.4. The issue allows remote attackers to steal session cookies and perform unauthorized activities via the administrative interface. Affected: Mailman (admin CGI). Root cause: XSS in the admin UI...

6.8 CVSS, 5.5 AI score, 0.01997 EPSS
Exploits: 0, References: 10, Affected Software: 1
securityvulns
added 2004/01/12 12:0 a.m., 39 views

CGI bugs

No description provided...

7.5 CVSS, 1.4 AI score, 0.02685 EPSS
Exploits: 1, References: 18, Affected Software: 16
Tenable Nessus
added 2004/01/01 12:0 a.m., 149 views

QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access

The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. Ref: Date: Tue, 23 Dec 2003 20:27:51 +0800 From: DrPonidi Haryanto Subject:...

5.7 AI score
Exploits: 0
NVD
added 2003/12/31 5:0 a.m., 20 views

CVE-2003-1510

TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory...

7.8 CVSS, 6.5 AI score, 0.01691 EPSS
Exploits: 1, References: 3
NVD
added 2003/12/31 5:0 a.m., 11 views

CVE-2003-1348

Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field...

4.3 CVSS, 5.7 AI score, 0.01445 EPSS
Exploits: 1, References: 4
NVD
added 2003/12/31 5:0 a.m., 18 views

CVE-2003-1373

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php...

6.8 CVSS, 6.8 AI score, 0.01268 EPSS
Exploits: 0, References: 3
NVD
added 2003/12/31 5:0 a.m., 14 views

CVE-2003-1341

The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe...

7.5 CVSS, 7.1 AI score, 0.07661 EPSS
Exploits: 1, References: 6
NVD
added 2003/12/31 5:0 a.m., 13 views

CVE-2003-1365

The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands...

5 CVSS, 7.3 AI score, 0.01893 EPSS
Exploits: 1, References: 7
NVD
added 2003/12/31 5:0 a.m., 12 views

CVE-2003-1558

Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the docgi function...

5 CVSS, 8 AI score, 0.03076 EPSS
Exploits: 0, References: 5
NVD
added 2003/12/31 5:0 a.m., 15 views

CVE-2003-1556

Cross-site scripting (XSS) vulnerability in ccguestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepagetitle (webpage title) parameters...

4.3 CVSS, 5.7 AI score, 0.01624 EPSS
Exploits: 0, References: 3
securityvulns
added 2003/12/30 12:0 a.m., 32 views

MDaemon buffer overflow

Buffer overflow if FROM2Raw.exe CGI is used...

3.7 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2003/12/30 12:0 a.m., 21 views

[Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler

Hat-Squad Security Team Advisory http://www.hat-squad.com Product: Alt-N Technologies Mdaemon Mail Server Version: MDaemon 6.85 and Below to 6.52 Vulnerability: Remote buffer overflow in Raw Message Handler Release Date: 12/29/2003 Vendor Status: Informed on 29 Dec 2003 Quick response on 29 Dec...

0.4 AI score
Exploits: 0