
9784 matches found

exploitpack
added 2002/01/28 12:0 a.m., 19 views

Agora.CGI 34 - Debug Mode Full Path Disclosure

Agora.CGI 34 - Debug Mode Full Path Disclosure source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi...

7.4 AI score
Exploits: 0
Exploit DB
added 2002/01/28 12:0 a.m., 41 views

Agora.CGI 3/4 - Debug Mode Full Path Disclosure

source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stored in. This is possible by making ...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2002/01/25 12:0 a.m., 114 views

FAQManager 'faqmanager.cgi' 'toc' Parameter Arbitrary File Access

FAQManager is a Perl-based CGI for maintaining a list of Frequently Asked Questions. Using a specially crafted URL, a remote attacker can use this CGI to view arbitrary files on the web server. For example: http://www.example.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 %NASLMINLEVEL 70300 This...

5 CVSS, 5.8 AI score, 0.01373 EPSS
Exploits: 0, References: 1
securityvulns
added 2002/01/23 12:0 a.m., 23 views

Unixware 7.1.1 scoadminreg.cgi local exploit

unixware: uname -a UnixWare unixware 5 7.1.1 i386 x86at SCO UNIXSVR5 unixware: id uid=101mearee gid=1other unixware: ./scoadminreg.sh jGgM root exploit http://www.netemperor.com/ Mail: [email protected] Manager: -c /tmp/jggm;/tmp/jggm; ERROR: Cannot find a Webtop object associated with -c /tmp/jggm...

7.2 AI score
Exploits: 0
Tenable Nessus
added 2002/01/17 12:0 a.m., 41 views

zml.cgi Directory Traversal

ZML.cgi is vulnerable to a directory traversal attack. It enables a remote attacker to view any file on the computer with the privileges of the cgi/httpd user. %NASLMINLEVEL 70300 This script was written by Drew Hintz http://guh.nu It is based on scripts written by Renaud Deraison and HD Moore Se...

5 CVSS, 5.5 AI score, 0.08037 EPSS
Exploits: 1, References: 2
exploitpack
added 2002/01/14 12:0 a.m., 13 views

John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow

John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/3866/info John Roy Pi3Web is a standard web server which includes CGI and ISAPI support. Pi3Web uses multithreading to handle system requests. Pi3Web is available for Windows, Linux and Solaris...

0.5 AI score
Exploits: 0
Exploit DB
added 2002/01/14 12:0 a.m., 22 views

John Roy Pi3Web 2.0 For Windows - Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/3866/info John Roy Pi3Web is a standard web server which includes CGI and ISAPI support. Pi3Web uses multithreading to handle system requests. Pi3Web is available for Windows, Linux and Solaris. Due to a buffer overflow vulnerability in John Roy Pi3Web...

7.4 AI score
Exploits: 0
securityvulns
added 2002/01/08 12:0 a.m., 53 views

Savant Web Server buffer overflow

Buffer overflow on oversized CGI filename, on oversized request...

4.6 AI score
Exploits: 0, References: 2
securityvulns
added 2002/01/08 12:0 a.m., 40 views

More bugs in CGI

No description provided...

0.9 AI score
Exploits: 0, References: 3, Affected Software: 2
securityvulns
added 2002/01/08 12:0 a.m., 27 views

BOOZT! Standard's administration CGI vulnerable to buffer overflow

BOOZT! is a banner management software for linux servers. It has a remote administration system based on web. I played with version 0.9.8alpha. Here is a reproduction of the bug: http://127.0.0.1:8080/cgi-bin/boozt/admin/index.cgi?section=5&input=1 Fill the "Name Field" with enough A's 770 was be...

0.2 AI score
Exploits: 0
exploitpack
added 2002/01/07 12:0 a.m., 17 views

Boozt 0.9.8 - Remote Buffer Overflow

Boozt 0.9.8 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/3787/info Boozt! is a free open source banner management software for Linux hosts. An issue has been reported which could allow for a user to execute arbitrary code on a Boozt! host. This is achievable when a Boozt!...

0.6 AI score
Exploits: 0
securityvulns
added 2002/01/04 12:0 a.m., 42 views

Buffer overflow and DoS in awhttpd (buffer overflow)

The server crashes when a nonexistent file is requested in CGI. Heap overflow...

1.4 AI score
Exploits: 0, References: 4, Affected Software: 1
securityvulns
added 2002/01/03 12:0 a.m., 47 views

blackshell2: zml.cgi remote exploit

-----BEGIN PGP SIGNED MESSAGE----- --blackshell security advisory no2-- --zml.cgi remote exploit-- vendor details & history zml.cgi for webservers by jero.cc http://www.jero.cc/zml/zml.html details of exploit this is a classic CGI bug which uses ../../../../ to read remote files. example:...

0.8 AI score
Exploits: 0
securityvulns
added 2002/01/03 12:0 a.m., 38 views

More holes in CGI

No description provided...

0.9 AI score
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2001/12/30 5:0 a.m., 14 views

CVE-2001-1206

Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $errorlog variable...

7.5 CVSS, 7.7 AI score, 0.01875 EPSS
Exploits: 0, References: 2
securityvulns
added 2001/12/26 12:0 a.m., 33 views

GOBBLES CGI MARATHON #003

PRODUCT AdStreamer http://www.sha-la-la.com/adstreamer/ DESCRIPTION This software have many an open call that can exploited with Perl tricks like ../, 00, |, etc. bash-2.05$ egrep 'open|system|exec|eval' .cgi addbanner.cgi: This script is apart of the Banner Manager system. It will add banners...

0.2 AI score
Exploits: 0
securityvulns
added 2001/12/25 12:0 a.m., 27 views

SQL query modification in adrotate (SQL modification)

It is possible to modify the SQL query in a CGI application...

1.6 AI score
Exploits: 0, References: 1
exploitpack
added 2001/12/17 12:0 a.m., 10 views

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output...

6.8 AI score
Exploits: 0
Exploit DB
added 2001/12/17 12:0 a.m., 46 views

Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting

source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be...

7.4 AI score
Exploits: 0
Debian
added 2001/12/16 1:42 a.m., 17 views

[SECURITY] [DSA-094-1] mailman cross-site scripting problem

Package : mailman Problem type : cross-site scripting hole Debian-specific: no Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been...

5.8 AI score
Exploits: 0