DCP-Portal Multiple Script Path Disclosure

DCP-Portal discloses its physical path when an empty request to adduser.php is made In addition, several other scripts may disclose the path if an invalid language is supplied, although Nessus has not checked for them. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ahmet Sabri ALPER To:...

Leif Wright ad.cgi file Parameter Arbitrary Command Execution

The CGI 'ad.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SimpleChat Information Disclosure

It is possible to retrieve list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently connected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 20 Mar 2003...

CGI bugs from DWClan

13 vulnerable CGI applications are reported by DWClan...

Adcycle build.cgi Remote Password Disclosure

The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete databases. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Matt Wright textcounter.pl Arbitrary Command Execution

The CGI 'textcounter' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...

CGI bugs

No description provided...

CVE-2002-1410

The CVE-2002-1410 entry describes a vulnerability in Easy Guestbook CGI programs where administrator authentication is not performed. This permits remote attackers to directly access admin.cgi to delete entries or access config.cgi to reconfigure the Guestbook, without authentication. The connect...

EUVD-2002-1393

Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to 1 delete entries via direct access of admin.cgi, or 2 reconfigure Guestbook via direct access of config.cgi...

CVE-2002-1410

Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to 1 delete entries via direct access of admin.cgi, or 2 reconfigure Guestbook via direct access of config.cgi...

CGI bugs

No description provided...

smb2www Proxy Bypass

The remote host is running smb2www - a SMB to WWW gateway. An attacker may use this CGI to use this host as a proxy - The attacker can then connect to a third-party SMB host without revealing an IP address. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Microsoft IIS fpcount.exe CGI Remote Overflow

Nessus detected the 'fpcount.exe' CGI on the remote web server. Some versions of this CGI have a remote buffer overflow vulnerability. A remote attacker could exploit it to crash the web server, or possibly execute arbitrary code. Nessus did not actually check for this flaw, but solely relied on...

smb2www Unspecified Arbitrary Remote Command Execution

The remote host is running smb2www - a SMB to WWW gateway. There is a flaw in the version of this CGI which allows anyone to execute arbitrary commands on this host by sending a malformed argument to smbshr.pl, one of the components of this solution. %NASLMINLEVEL 70300 C Tenable Network Security...

Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access

Cross-Referencing Linux appaers to be installed on the remote host. There is a directory traversal vulnerability in the 'v' parameter of the 'source' CGI. A remote attacker could exploit this to read arbitrary files on the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Upload Lite upload.cgi Arbitrary File Upload

The Upload Lite upload.cgi CGI script is installed. This script has a well-known security flaw that lets anyone upload arbitrary files on the remote web server. Note that Nessus did not test whether uploads are possible, only that the script exists. %NASLMINLEVEL 70300 C Tenable Network Security,...

Simple File Manager Directory / Filename XSS

The remote Simple File Manager CGI fm.php improperly validates the names of the directories entered and created by the user. As a result, a user could generate a cross-site scripting attack on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Wordit Logbook logbook.pl file Parameter Arbitrary File Access

The WordIt 'logbook.pl' CGI script is installed on the remote host. This script has a well-known security flaw that lets anyone read arbitrary files on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid1136...

CGI bugs

No description provided...

WebWho+ whois.pl time Parameter Arbitrary Command Execution

The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...