9784 matches found
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks...
CGI bugs
No description provided...
Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV
In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...
XSS bug in Monkey (0.5.0) HTTP server
Illegal Instruction Labs Advisory. Advisory name: XSS bug in Monkey 0.5.0 HTTP server. Advisory number: 14. Application: Monkey 0.5.0 HTTP server. Application author: Eduardo Silva EdsipeR. Author e-mail: [email protected]...
OpenVMS WASD multiple bugs
Weak default configuration, protection bypass, CGI execution in server's content...
Apache stderr DoS
Large CGI application stderr output causes Apache to hang...
Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request
Overview: Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description: Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...
Sambar Server Multiple CGI Remote Overflow
It is possible to kill the Sambar web server 'server.exe' by sending it a long request like: /cgi-win/testcgi.exe?XXXX...X, /cgi-win/cgitest.exe?XXXX...X, /cgi-win/Pbcgi.exe?XXXXX...X, or maybe in /cgi-bin/. An attacker may use this flaw to cause the server to crash continuously...
Mike Spice's Quiz Me! does not adequately validate user input
Overview: Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's Quiz Me! is a CGI script written in...
Mike Spice's My Calendar does not adequately validate user input
Overview: Mike Spice's My Calendar does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause My Calendar to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's My Calendar is a CGI script...
CGI bugs
No description provided...
Multiple CGI bugs
No description provided...
alya.cgi CGI Backdoor Detection
alya.cgi was found on the remote system. This script is likely a CGI-based backdoor distributed with multiple rootkits. This script was written by Jason Lidow. Changes by Tenable: overhauled description, added Synopsis/Reference/Solution (12/8/2008)...
XSS in Null HTTPd
Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is quite basic, but offers good CGI support. A vulnerability in Null HTTPd may allow cross-site scripting via a 404 page: http://localhost/a?x=SCRIPTalertdocument.URL/SCRIPT You have to place this in the query string so that i...
CVE-2002-0917
CVE-2002-0917 affects CGIScript.net csPassword.cgi, which stores .htpasswd files under the web document root. This allows remote authenticated users to download the password file and crack other users’ passwords. The vulnerability is mapped to a high severity (CVSS v2 base score 7.5, vector AV:N/...
CVE-2000-1204
CVE-2000-1204 affects Apache 1.3.9, 1.3.11 and 1.3.12 via the mod_vhost_alias module. The issue allows remote attackers to obtain the source code of CGI programs if the cgi-bin directory is under the document root. Impact is partial confidentiality; no exploitation details are provided in the con...
CVE-2002-1089
CVE-2002-1089 affects rwcgi60, the CGI used with Oracle Reports Server. The flaw is an information disclosure: the program can reveal sensitive data (the full pathname), which an attacker could leverage for further attacks. Connected documents (Nessus plugin) confirm rwcgi60 exposure as part of O...
CVE-2002-0948
The CVE-2002-0948 entry concerns Scripts For Educators MakeBook 2.2 CGI, where the (1) Name and (2) Email parameters are not properly filtered. This allows remote attackers to execute arbitrary scripts as other visitors, or to trigger server-side includes (SSI) with the web server context. The NV...