CVE-2003-0789
The provided documents confirm CVE-2003-0789 is an Apache mod_cgid issue where CGI redirect paths are mishandled when using a threaded MPM, potentially causing CGI output to be sent to the wrong client. This is tied to the mod_cgid component of Apache and is discussed alongside CAN-2003-0542 (buf...
CVE-2003-0789
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client...
sh-httpd.txt
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
Musicqueue multiple local vulnerabilities
======================================== INetCop Security Advisory 2003-0x82-020 ======================================== Title: Musicqueue multiple local vulnerabilities 0x01. Description Musicqueue is a CGI music jukebox using external tools to play the files. Because of that it supports severa...
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...
[Full-Disclosure] sh-httpd `wildcard character' vulnerability
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
CGI bugs
No description provided...
CVE-2003-0709
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...
DEBIAN-CVE-2003-0709
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...
CGI bugs
No description provided...
TRACKtheCLICK Script Injection Vulnerabilities
Scripts4webmasters.com TRACKtheCLICK Script Injection Vulnerabilities Discovered By Chris Rahm aka: BrainRawt About TRACKtheCLICK: -------------------- A perl coded CGI that tracks your email, ezine, banner, and web site links. TRACKtheCLICK outputs log information to a data...
PayPal Store Front index.php page Parameter Remote File Inclusion (deprecated)
It is possible to make the remote host include PHP files hosted on a third-party server using the PayPal Store Front CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. The plugin was...
CGI bugs
No description provided...
CGI.pm vulnerable to Cross-site Scripting
Overview A vulnerability in the Common Gateway Interface CGI Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers su...
CGI bugs
No description provided...
Apache Httpd < 2.0.48 : CGI output information leak
A bug in mod_cgid mishandling of CGI redirect paths can result in CGI output going to the wrong client when a threaded MPM is used...
EORF2003-04: sbox path disclosure problem
--------------------------- EightOne Research Facility --------------------------- EORF2003-04 security advisory Title: sbox has a information disclosure problems Author: Julio "e2fsck" Cesar Vendor: http://stein.cshl.org/WWW/software/sbox Versions: sbox 1.04 and later Date: 18 Sep 2003 1...
Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
The remote host appears to be running a version of Apache 2.0.x prior to 2.0.48. It is, therefore, affected by multiple vulnerabilities: - The mod_rewrite and mod_alias modules fail to handle regular expressions containing more than 9 captures resulting in a buffer overflow. - A vulnerability may...
SBox 1.0.4 - Full Path Disclosure
SBox 1.0.4 - Full Path Disclosure source: https://www.securityfocus.com/bid/8705/info sbox has been reported prone to a path disclosure vulnerability. The issue has been reported to present itself when a HTTP request is made for a CGI resource that does not exist. sbox will reportedly return an...
CGI bugs
No description provided...