9784 matches found
CVE-2001-0689
Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program...
CVE-2000-0877
CVE-2000-0877 concerns the MailForm 2.0 product, specifically the mailform.pl CGI script. The vulnerability allows remote attackers to read arbitrary files by supplying a filename in the XX-attach_file parameter, which MailForm then sends to the attacker. The issue directly concerns the confident...
More CGI bugs
Insufficient validation of user input...
Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL
Overview: An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain privileged system information. Description: The Beck IPC@CHIP is a single-chip embedded web server. The Beck IPC@CHIP ships with a CGI script named "ChipCfg". Using a specially crafted URL, an attacker can...
CVE-1999-1154
LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...
CVE-1999-1155
LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...
CVE-1999-1281
Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program...
CVE-1999-1462
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files...
CVE-1999-1070
The CVE-1999-1070 entry describes a buffer overflow in the ping CGI program of Xylogics Annex terminal service, allowing remote denial of service via a long query parameter. Public sources in the connected docs verify the affected component as the ping CGI script and the root cause as a buffer ov...
CVE-1999-1179
CVE-1999-1179 describes a vulnerability in the included man.sh CGI script from SysAdmin Magazine (May 1998) that allows remote attackers to execute arbitrary commands. The NVD notes a CVSSv2 base score of 7.5 (HIGH) with AV:N/AC:L/Au:N/C:P/I:P/A:P. The entry lists no exploitation status and provi...
CVE-1999-1357
CVE-1999-1357 affects Netscape Communicator 4.04–4.7 on UNIX, where 0x8b is mapped to ‘<’, enabling cross-site scripting via CGI scripts that fail to filter these characters. The description does not specify affected versions beyond those, nor the root cause beyond character mapping in HTML contex...
CVE-1999-1436
Ray Chan WWW Authorization Gateway 0.1 CGI program is affected by a remote command execution vulnerability: an attacker can supply shell metacharacters in the "user" parameter to execute arbitrary commands. The available sources corroborate this description across CVE registries, but do not provi...
CVE-1999-1155
CVE-1999-1155 affects the LakeWeb Mail List CGI script, where remote attackers can execute arbitrary commands by injecting shell metacharacters into the recipient email address. The description specifies a remote command execution risk with network access and no authentication. No explicit patch ...
CVE-1999-1469
The vulnerability CVE-1999-1469 stems from a buffer overflow in the w3-auth CGI program within the miniSQL package. An attacker can remotely execute arbitrary commands by sending an HTTP request with a long URL or a long User-Agent header. The CVSS data indicates a network attack vector with low ...
CVE-1999-1381
The CVE covers a buffer overflow in the dbadmin CGI program 1.0.1 on Linux, enabling remote command execution. The available sources state this vulnerability allows arbitrary commands to be executed by an unauthenticated attacker over the network. No remediation or patch details are provided in t...
CVE-1999-1281
CVE-1999-1281 affects the Breeze Network Server (development version). The vulnerability allows remote attackers to reboot the system by accessing the configbreeze CGI program. Impact is indicated as partial availability (per CVSS data), with network access and no authentication required in the d...
CVE-1999-1070
Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter...
CVE-1999-1179
Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands...
CVE-1999-1357
Netscape Communicator 4.04 through 4.7 and possibly other versions in various UNIX operating systems converts the 0x8b character to a "<" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters...
CVE-1999-1250
The CVE-1999-1250 entry describes a vulnerability in the CGI component of the Lasso application by Blue World (used on WebSTAR and other servers). The flaw allows remote attackers to read arbitrary files via the CGI program. The provided sources confirm the affected product and the impact (unauth...