CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via 1 the printenv CGI printenv.pl, which does not encode its output, 2 pages generated by the apsenderrorresponse function such as a default 404, which does not...

CVE-2000-1204

Vulnerability in the modvhostalias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...

OmniHTTPd 1.12.0.x2.4 - Sample Application URL Encoded Newline HTML Injection

OmniHTTPd 1.12.0.x2.4 - Sample Application URL Encoded Newline HTML Injection source: https://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. A HTML injection...

CGI bugs

No description provided...

AnyForm CGI Arbitrary Command Execution

The CGI 'AnyForm2' is installed on the remote web server. Old versions of this CGI have a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

OmniHTTPd 1.1/2.0.x/2.4 - Sample Application URL Encoded Newline HTML Injection

source: https://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. A HTML injection vulnerability has been reported in the '/cgi-bin/redir.exe' sample CGI included with...

CGI bugs

No description provided...

Viralator CGI Script Arbitrary Command Execution

The CGI 'viralator.cgi' is installed. Some versions of this CGI are don't check properly the user input and allow anyone to execute arbitrary commands with the privileges of the web server. No flaw was tested. Your script might be a safe version. %NASLMINLEVEL 70300 C Tenable Network Security, In...

Pi3Web < 2.0.1 CGI Handler Long Parameter Handling Overflow

The remote server may crash when it is sent a very long CGI parameter multiple times, as in : GET /cgi-bin/hello.exe?AAAAA...AAAA An attacker may use this flaw to prevent the remote host from working properly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. We do banner checking, as I could...

CVE-2002-0488

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter...

CVE-2002-0489

Linux Directory Penguin NsLookup CGI script nslookup.pl 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the 1 query or 2 type parameters...

CVE-2002-0752

CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file...

Apache 2.0 - Encoded Backslash Directory Traversal

source: https://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this include Windows, OS2, and Netware. The issue is...

qmailadmin SUID buffer overflow

qmailadmin is not part of qmail. It's from http://inter7.com/qmailadmin/ and I guess you can download from there and play with it, although the versions I am using were built from the FreeBSD ports tree and also from a Linux RPM I grabbed from:...

qmailadmin 1.0.x - Local Buffer Overflow

qmailadmin 1.0.x - Local Buffer Overflow / source: https://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular...

qmailadmin 1.0.x - Local Buffer Overflow

/ source: https://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular users on others. qmailadmin fails to...

CGI bugs

No description provided...

SUN Answer Book buffer overflow

Buffer overflow in CGI and format string bug in dwhttpd...

Bug in Eupload

Bug in Eupload ----------------- | By ZeroByte || [email protected] | | ICQ 98177781 | 1.1 - What is Eupload? Eupload, is an web utility used to facilitate the update of web sites by means of scripts CGI. This tool allows the ascent of files to the servant by means of an web interface. The...

Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts

Overview Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...