9784 matches found
Netwin Webnews 1.1k
Name: Netwin WebNews 1.1k Operating system: tested under Redhat linux 7.0 Vendor status: The vendor has been contacted on the 20th of February and hasn't replied yet. Description: The Netwin Webnews version 1.1k CGI binaries contain 4 default users within the binary that cannot be removed. Whil...
More bugs in CGI
No description provided...
Apache Httpd < 1.3.24 : Win32 Apache Remote command execution
Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...
EasyBoard 2000 Remote Buffer Overflow Vulnerability
EasyBoard 2000 Remote Buffer Overflow Vulnerability Jin Ho You, [email protected] 1 Discussion EasyBoard 2000 (http://ezboard.new21.org) is a web board CGI. Improperly manipulated user-supplied input to the Content-Type header can create a buffer overflow condition. This vulnerability...
EZNE.NET Ezboard 2000 - Remote Buffer Overflow
EZNE.NET Ezboard 2000 - Remote Buffer Overflow source: https://www.securityfocus.com/bid/4068/info Ezboard 2000 is a web based bulletin board system. It is available for Linux systems. A vulnerability has been reported in some versions of Ezboard. In some CGI programs, user supplied data is writt...
EZNE.NET Ezboard 2000 - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/4068/info Ezboard 2000 is a web based bulletin board system. It is available for Linux systems. A vulnerability has been reported in some versions of Ezboard. In some CGI programs, user supplied data is written to a statically sized array with a sprintf cal...
More holes in CGI
No description provided...
texis(CGI) Path Disclosure Vulnerability
Advisory: texis(CGI) Path Disclosure Vulnerability Application: Thunderstone's texis(CGI) Release Date: 02.05.02 Severity: Any user can send an invalid path to texis(CGI) causing it to reveal the full path to the webroot. In some cases texis will display system specific information (OS, processor type...
Mrtg Path Disclosure Vulnerability (Revised)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 /This is Mrtg Web Frontend 14all.cgi bug. You may find the revised security announcement below/ Mrtg/RRD 14all.cgi Path Disclosure Vulnerability Type: Input Validation Error Release Date: February 4, 2002 Product / Vendor: 14all.cgi is a CGI script to...
texis(CGI) Path Disclosure Vulnerability
Advisory: texis(CGI) Path Disclosure Vulnerability Application: Thunderstone's texis(CGI) Release Date: 02.05.02 Severity: Any user can send an invalid path to texis(CGI) causing it to reveal the full path to the webroot. In some cases texis will display system specific information (OS, processor type...
new advisory
---=== UkR Security Team advisory ===--- Name : MRTG CGI script "show files" Vulnerability About : The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing GIF images which provide a LIVE visual representation of this traff...
CVE-2001-0997
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter...
CVE-2001-1024
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument...
CVE-2001-1024
CVE-2001-1024 : Entrust getAccess CGI scripts (e.g., login.gas.bat) are vulnerable to remote command execution via an alternate -classpath argument, allowing an attacker to run Java programs. The CVSS data indicates a Network-exposed, low complexity, no-auth exploit with Partial impact on confide...
CVE-2001-0947
The CVE-2001-0947 issue affects ValiCert Enterprise Validation Authority (EVA) versions 3.3 through 4.2.1. It allows remote attackers to determine the server’s real pathname by requesting an invalid extension, which causes an error page that reveals the path. The vulnerability is a server-path di...
CVE-2001-0924
CVE-2001-0924 describes a directory traversal vulnerability in the Informix SQL Web DataBlade CGI (LO parameter) that allows remote attackers to read arbitrary files on the affected system. The issue arises from improper handling of the .. (dot dot) path traversal in the LO parameter of the ifx C...
CVE-2001-0997
The CVE-2001-0997 entry concerns Textor Webmasters Ltd’s listrec.pl CGI. The vulnerability arises from shell metacharacter processing in the TEMPLATE parameter, enabling remote arbitrary command execution on the affected host with web server privileges. Public sources in the connected docs (NVD/N...
CVE-2001-0949
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allow remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) CertificateFile, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6)...
CVE-2001-0958
CVE-2001-0958 affects Trend Micro InterScan eManager for NT Ver.3.51 (English) and NT Ver.3.51J. The vulnerability is a remotely exploitable buffer overflow in the eManager CGI interface, caused by long arguments to multiple DLLs (register.dll, ContentFilter.dll, SFNofitication.dll, TOP10.dll, Sp...
More bugs in CGI
Insufficient validation of user input...