CVE-2002-0599

Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen...

Oracle Reports Server Buffer Overflow (#NISR12062002B)

NGSSoftware Insight Security Research Advisory Name: Oracle 9iAS Reports Server Systems: All Severity: High Risk Category: Remote Buffer Overrun Vulnerability Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Advisory URL:...

SSI & CSS execution in MakeBook 2.2

DownBload Security Research Lab Advisory ------------------------------------------------------------------------- Advisory name: SSI & CSS execution in MakeBook 2.2 Advisory number: 5 Application: MakeBook 2.2 CGI script Application author: Kristina Pfaff-Harris Source:...

Buffer overflow in Oracle 9iAS Reports Server

Buffer overflow in CGI script...

AlienForm2 CGI script: arbitrary file read/write

===================================================================== Vulnerable: AlienForm2 revision 1.5 Category: Perl/CGI coding errors Impact: Subject to file permissions, an attacker can read any file on the server, append arbitrary data to any existing file or write arbitrary data to new...

CVE-2002-0489

Linux Directory Penguin NsLookup CGI script nslookup.pl 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the 1 query or 2 type parameters...

CVE-2002-0612

FileSeek.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 head or 2 foot parameters...

CVE-2002-0436

sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...

CVE-2002-0489

CVE-2002-0489 affects the Linux Directory Penguin NsLookup CGI script (nslookup.pl) version 1.0. It allows remote code execution via shell metacharacters in the (1) query or (2) type parameters. The NVD record assigns a base score of 10.0 (HIGH) with network attack vector, low complexity, no auth...

AlienForm2 alienform.cgi Traversal Arbitrary File Manipulation

The AlienForm CGI script allows an attacker to view any file on the target computer, append arbitrary data to an existing file, and write arbitrary data to a new file. The AlienForm CGI script is installed as either af.cgi or alienform.cgi. %NASLMINLEVEL 70300 This script was written by Andrew...

MyHelpDesk 20020509 - SQL Injection

MyHelpDesk 20020509 - SQL Injection source: https://www.securityfocus.com/bid/4971/info It is reported that MyHelpDesk version 20020509 and earlier are vulnerable to SQL injection attacks. Data supplied by the remote user, via CGI parameters, is used directly as part of SQL statements. As input...

WebScripts WebBBS 4.x5.0 - Remote Command Execution

WebScripts WebBBS 4.x5.0 - Remote Command Execution source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the...

WebScripts WebBBS 4.x/5.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software. Remote attackers may gain local,...

MRTG mrtg.cgi cfg Parameter Traversal Arbitrary Files Access

The 'mrtg.cgi' script is part of the MRTG traffic visualization application. A vulnerability exists in this script that allows an attacker to view the first line of any file on the system. %NASLMINLEVEL 70300 This script was written by H D Moore Script audit and contributions from Carmichael...

CGI bugs

No description provided...

ping.asp CGI Arbitrary Command Execution

The 'ping.asp' CGI is installed. Some versions allow an attacker to launch a ping flood against the targeted machine or another by entering '127.0.0.1 -l 65000 -t' in the Address field. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Er...

CVE-2002-0290

Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument...

CVE-2002-0311

Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for 1 in scoadminreg.cgi or 2 serviceaction.cgi...

CGIScript.net - csPassword.cgi 1.0 Information Disclosure

CGIScript.net - csPassword.cgi 1.0 Information Disclosure source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by...

CVE-2002-0249

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message...