9784 matches found
Unauthorized access via xitami (privilege escalation)
The administrator password is stored in a world-readable file. The web server itself runs with root privileges. The administrator can change the location of Cgi-bin, thereby gaining access with root privileges...
SuSE Security Announcement: susehelp
-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: susehelp Announcement-ID: SuSE-SA:2001:041 Date: Thu Nov 22 11:36:00 MET 2001 Affected SuSE versions: 7.2, 7.3 Vulnerability Type: remote command execution Severity 1-10: 8 SuSE default package: yes Other affected systems: no...
CVE-2001-0849
Viralator vulnerability (CVE-2001-0849) affects Viralator 0.9pre1 and earlier, where the CGI (viralator.cgi) insecurely passes a file URL to wget, enabling remote code execution with the web server’s privileges. OpenVAS findings confirm a command execution path via the Viralator CGI, with remedia...
CVE-2001-0918
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely...
More bugs in CGI
The newline character is not escaped when an external command is invoked...
More bugs in CGI
No description provided...
cgi vulnerability
Hi all, I found a security hole in Book of guests and Post it! written by Seth Leonard. It is available at http://www.dreamcachersweb.com. The problem is that this script doesn't filter out ANY metacharacters from the input and passes it to the shell. Therefore by writing something like...
iBill Management Script - Weak Hard-Coded Password
source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default...
Mountain Network Systems WebCart 8.4 - Command Execution
source: https://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by the script. WebCart exploit Spawn bash style Shell with...
CVE-2001-0791
Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access...
CVE-2001-0795
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names...
Holes in Interscan VirusWall, OfficeScan, Virus Buster (remote execution, buffer overflow)
It is possible to remotely run several CGI programs that have buffer overflows...
CVE-2001-0791
Trend Micro InterScan VirusWall for Windows NT is vulnerable via CGI programs that handle configuration and do not restrict access. Remote attackers could modify configuration by directly invoking these CGI scripts. Root cause is lack of access controls on certain CGI endpoints. Affected product/...
CVE-2001-0795
Perception LiteServe 1.25 is affected by CVE-2001-0795. Remote attackers can obtain the source code of CGI scripts by requesting URLs that contain MS‑DOS conventions, such as uppercase letters or 8.3 file names. The PT-2001-1972 advisory notes a vulnerability in Perception LiteServe 1.25 and prov...
PT-2001-1972 · Perception · Perception Liteserve
Name of the Vulnerable Software and Affected Versions: Perception LiteServe version 1.25 Description: The issue allows remote attackers to obtain the source code of CGI scripts via URLs that contain MS-DOS conventions, such as upper case letters or 8.3 file names. Recommendations: For Perception...
Re: Bug found in ht://Dig htsearch CGI
Name: ht://Dig htsearch CGI Versions affected: 3.1.0b2 and more recent, including 3.1.5 and 3.2.0b3 Vulnerability: Potential remote exposure. Denial of Service. Details: The htsearch CGI runs as both the CGI and as a command-line program. The command-line program accepts the -c filename to read i...
Access to the administrative interface in PGP Keyserver (unauthorized access)
The administrative interface can be accessed through CGI applications without authorization...