9784 matches found
CVE-2002-0142
CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters...
CGI bugs
No description provided...
Code execution in Win32 Apache via .bat files
If server uses .bat files as CGI it's possible to execute any shell commands by using pipes...
CGI bugs
No description provided...
CVE-2002-0099
Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of . (dot) characters...
CVE-2001-1206
Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable...
CVE-2001-1206
CVE-2001-1206 affects Matrix CGI vault Last Lines 2.0. The vulnerability: remote attackers can execute arbitrary commands via shell metacharacters in the $error_log variable, enabling remote code execution over the network. The provided sources do not specify affected versions beyond Last Lines 2...
CVE-2002-0142
Pi3Web CGI handler in Windows 2.0 beta 1/2 is vulnerable to a denial of service through very long CGI parameters; vendors indicate FIX in Pi3Web
CVE-2002-0099
CVE-2002-0099 affects Michael Lamont Savant Web Server 3.0. A buffer overflow occurs when handling a long HTTP request to the cgi-bin directory in which the CGI program name contains a large number of dots, allowing remote attackers to cause a denial of service (crash). The available public refer...
CVE-2002-0091
Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields...
Solaris 7.0/8 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution
Solaris 7.0/8 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution source: https://www.securityfocus.com/bid/4269/info The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI scri...
Solaris 7.0/8 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution
source: https://www.securityfocus.com/bid/4269/info The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI script included with the CD does not adequately sanitize input. Due to a design failure...
CVE-2001-1010
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter...
CVE-2001-1010
CVE-2001-1010 affects Sambar Server’s pagecount CGI script (located at /session/pagecount). The vulnerability arises because the page parameter is not validated against directory traversal (".."), enabling a remote attacker to overwrite arbitrary files on the filesystem. The root cause is lack of...
CVE-2001-0995
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. The vulnerability arises from trusting the ID parameter in requests, enabling privilege escalation to partial confidentiality/integrit...
CVE-2001-0834
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading...
Xerver-2.10.txt
------oOo------ Xerver Free Web Server 2.10 file Disclosure & DoS Denial of Service Attack. ------oOo------ Company Affected: www.JavaScript.nu Version: v2.10 Date Added: 02-27-02 Size: 287 KB OS Affected: : Windows ALL, Linux ALL, BSD all, Solaris ALL, MAC ALL. Author: Alex Hernandez Thanks all...
CVE-2002-0091
Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allow remote attackers to execute arbitrary commands via certain form fields...
CVE-2002-0091
CVE-2002-0091 affects CIDER SHADOW 1.5 and 1.6. The vulnerability consists of CGI scripts that allow remote execution of arbitrary commands through certain form fields due to insufficient input verification. Impact is remote code execution with the privileges of the web server process; exploitati...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview: Oracle 9i Application Server (9iAS) allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description: The default Apache configuration file i...