[UNIX] COWS Contains Multiple Security Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...

CGI bugs

No description provided...

CVE-2002-0360

Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program...

CVE-2002-0360

The CVE-2002-0360 issue affects Sun AnswerBook2 1.4–1.4.3, where a buffer overflow in the gettransbitmap CGI allows a remote attacker to execute arbitrary code via a long filename argument. Impact is remote code execution with the daemon privileges; no exploit details are provided in the document...

CGIScript.net 1.0 - Information Disclosure

source: https://www.securityfocus.com/bid/4764/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. It is possible to cause numerous scripts provided by CGIScript.net to disclose sensitive system information. The following is a list of cgi...

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

Apache Httpd < 2.0.36 : Warning messages could be displayed to users

In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...

MDaemon WorldClient 5.0.x - Folder Creation Buffer Overflow

MDaemon WorldClient 5.0.x - Folder Creation Buffer Overflow source: https://www.securityfocus.com/bid/4689/info MDaemon is an integrated mail transport agent, webmail, and mail anti-virus package. It is available for Microsoft Windows operating systems. It may be possible for a remote user to tak...

MDaemon WorldClient 5.0.x - Folder Creation Buffer Overflow

source: https://www.securityfocus.com/bid/4689/info MDaemon is an integrated mail transport agent, webmail, and mail anti-virus package. It is available for Microsoft Windows operating systems. It may be possible for a remote user to take advantage of a buffer overflow in the MDaemon software...

CVE-2002-1592

The aplogrerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...

CGI bugs

No description provided...

CVE-2002-0232

Directory traversal vulnerability in Multi Router Traffic Grapher MRTG allows remote attackers to read portions of arbitrary files via a .. dot dot in the cfg parameter for 1 14all.cgi, 2 14all-1.1.cgi, 3 traffic.cgi, or 4 mrtg.cgi...

CVE-2001-1242

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. dot dot in an HTML form...

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

CVE-2002-0249

CVE-2002-0249 affects PHP for Windows when used as a standalone CGI module on Apache 2.0.28 beta, where a crafted request with malformed arguments can disclose the physical path to php.exe in error messages. Affects PHP for Windows running under Apache CGI; the issue stems from error handling tha...

CVE-2001-1242

The CVE-2001-1242 entry concerns a directory traversal in Un-CGI 1.9 and earlier, where an attacker can trigger arbitrary code execution by supplying a .. (dot dot) in an HTML form. The vulnerability arises in the way path components are processed, enabling remote exploitation. Affected software:...

CVE-2001-1241

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "!" and the desired program name...

CVE-2002-0266

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname...

CVE-2002-0266

The connected documents confirm CVE-2002-0266 affects Thunderstone Texis CGI scripts, enabling unauthenticated remote disclosure of the web root path by requesting a nonexistent file, with error messages revealing the full pathname. No fix/version remediation details are provided in the supplied ...

CVE-2001-1241

Un-CGI 1.9 and earlier fail to verify that a CGI script has execution bits set before executing it, allowing remote attackers to run arbitrary commands by pointing Un-CGI at a document that starts with "#!" and the target program name.