9786 matches found
CGI bugs
No description provided...
rot13sj.cgi Arbitrary File Access
The remote host is running the CGI 'rot13sj.cgi'. This CGI contains various flaws which may allow a user to execute arbitrary commands on this host and to read arbitrary files. Ref: http://www.geocities.com/sjefferson101010/ (link is broken)...
WF-Chat User Account Disclosure
WF-Chat allows an attacker to view information about registered users by requesting the files '!nicks.txt' and '!pwds.txt'.
PostNuke Rating System DoS
The remote host is running PostNuke. PostNuke Phoenix 0.721, 0.722 and 0.723 allow a remote attacker to cause a denial of service for legitimate users by submitting a string to its rating system. Note: Based on the proof of concept example, NOT...
CGI bugs
No description provided...
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
The remote host is running Ultimate PHP Board (UPB). There is a flaw in this version which may allow an attacker to execute arbitrary code on this host by sending a malformed user-agent which contains PHP commands. Once the user-agent has been sent, it is stored in the logs. When the administrator...
Bandmin 1.4 index.cgi Multiple Parameter XSS
The remote host is running the Bandmin CGI suite. There is a cross-site scripting issue in this suite that may allow an attacker to steal your users' cookies. The flaw lies in the CGI bandwitdh/index.cgi. Date: 28 May 2003 16:38:40 -0000 From:...
Bandmin 1.4 XSS Exploit
Bandmin 1.4 XSS Exploit by Silent Needle. A: BACKGROUND Bandmin is a CGI script that shows you the bandwidth for the sites on the server. B: DESCRIPTION The cross-site scripting allows you to print HTML or JavaScript or others in the webpage when it is just opened, not written in the page. C: EXPLOIT These are th...
CGI bugs
No description provided...
CGI bugs
No description provided...
CVE-2003-0217
Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script...
CVE-2003-0217
CVE-2003-0217 describes a cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) up to version 3.01, where an input parameter passed to a CGI script (notably swsrv.cgi) could be exploited to hijack a user session and bypass authentication. The underlying issue is impr...
php-proxima autohtml.php Arbitrary File Retrieval
The remote host is running php-proxima, a website portal. There is a flaw in this version that allows an attacker to read arbitrary files on the remote host. Ref: From: "Mind Warper" To: [email protected] Date: Thu, 15 May 2003 01:43:40...
CGI bugs
No description provided...
PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite
The remote host has the CGI 'counter.php' installed. This CGI contains a flaw that can be abused by an attacker to overwrite arbitrary files on the system with the privileges of the web server. Ref:...
Ceilidh testcgi.exe query Parameter XSS
The remote host has a CGI called 'testcgi.exe' installed under /cgi-bin that is vulnerable to a cross-site scripting issue.
HappyMall Multiple Script Arbitrary Command Execution
There is a flaw in HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon (typically root or nobody), by making a request like: /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...
CGI bugs
No description provided...
CGI bugs
No description provided...
Nokia IPSO Voyager WebGUI readfile.tcl file Parameter Arbitrary File Access
The remote host includes a CGI (/cgi-bin/readfile.tcl) which allows anyone to read arbitrary files on the remote host with the privileges of the HTTP daemon (typically 'nobody'). Ref: From: Jonas Eriksson mailto:[email protected] Date: 23/04/2003 To:...