9784 matches found
CVE-2002-0750
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field...
CVE-2002-0436
sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...
CGI bugs
No description provided...
Moderate: Red Hat Security Advisory: : : : Updated secureweb packages available
Updated secureweb packages are now available for Red Hat Secure Web Server 3.2 U.S.. These updates incorporate a fix for an incorrect bounds check in versions of modssl up to and including version 2.8.9. The modssl module provides strong cryptography for the Apache Web server via the Secure Socke...
PHP Resource Exhaustion Denial of Service
The PHP interpreter is a heavy-duty CGI EXE or SAPI module, depending on configuration that implements an HTML-embedded script language. A vulnerability in PHP can be used to cause a denial of service in some cases. PHP's install process on Apache requires a "/php/" alias to be created, as it...
CGI bugs
No description provided...
CGI bugs
No description provided...
CGI bugs
No description provided...
Lil'HTTP Pbcgi.cgi XSS Vulnerability
Recently, I reported on a vulnerability in the Urlcount.cgi script of Lil'HTTP Server Summit Computer Networks. This time, another CGI pbcgi.cgi has been found vulnerable to cross-site scripting. Some versions of this CGI will take the form input you POST/GET to it, and break it into name/e-mail...
CGI bugs
No description provided...
Apache Web Server ap_log_rerror() function discloses full path to CGI script
Overview There is a vulnerability in Apache 2.0 through 2.035 that could disclose the real path to a CGI script or other file. Description A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log: Security Added the APLOGTOCLIENT flag to...
Apache Httpd < 2.0.40 : Path revealing exposures
A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...
CGI bugs
No description provided...
BlackBoard 5.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit this condition via a malicious lin...
CVE-2001-1074
Webmin 0.84 and earlier does not properly clear the HTTPAUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges...
CVE-2002-0360
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program...
CVE-2001-1074
Summary: CVE-2001-1074 affects Webmin 0.84 and earlier. The vulnerability arises because Webmin does not properly clear the HTTP_AUTHORIZATION environment variable when the web server restarts, causing authentication information to be exposed to all CGI programs and enabling local privilege escal...
CVE-2001-0918
This CVE concerns vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 that allow remote command execution due to insecure file handling. Affected are the susehelp CGI scripts; the underlying issue is not opening files securely, enabling unauthorized command execution. The provided docu...
CVE-2001-0918
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely...
AdvServer DoS
Title: AdvServer DoS Date: 21.06.02 Author: elab http://elaboration.8bit.co.uk Software: AdvServer Platform: Win32 Tested: Version 1.030000 Vendor: WWW: http://gamecheats.ws Contacted on: 30 May 02 Via: [email protected] && website Response: Within 2 days WARNING: This advisory has NOTHING to do...