9784 matches found
CVE-1999-1278
nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl...
CVE-1999-1469
Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header...
CVE-1999-1278
CVE-1999-1278 affects the nlog CGI scripts where the IP address argument is not properly filtered for shell metacharacters. This enables remote attackers to execute commands via two scripts: (1) nlog-smb.pl and (2) rpc-nlog.pl. The description does not provide additional details on affected versi...
CVE-2001-0958
Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7)...
CVE-1999-1462
The CVE-1999-1462 issue affects the Big Brother bb-hist.sh History module, specifically in Big Brother 1.09b and 1.09c. The vulnerability is a directory traversal flaw exposed through the HISTFILE parameter of the bb-hist.sh CGI, allowing a remote attacker to read arbitrary files on the affected ...
CVE-1999-1378
The CVE-1999-1378 entry describes a vulnerability in the dbmlparser.exe CGI guestbook program where a chroot operation is not performed properly, allowing remote attackers to read arbitrary files. The affected component is the CGI guestbook program implemented by dbmlparser.exe; root cause is inc...
CVE-1999-1378
dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files...
CVE-1999-1153
CVE-1999-1153 affects HAMcards Postcard CGI script 1.0. The vulnerability allows remote attackers to execute arbitrary commands by supplying shell metacharacters in the recipient email address, enabling potentially partial confidentiality, integrity, and availability impact. The CVSS score (2.0) ...
CVE-1999-1063
CDomain whoisraw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter...
CVE-1999-1412
CVE-1999-1412 describes a DoS risk from an interaction between MacOS X 1.0 and Apache HTTP server, where a flood of HTTP GET requests to CGI programs can spawn many processes on affected systems. Connected sources provide concrete details indicating the issue relates to the Apache httpd component...
CVE-1999-1154
The CVE-1999-1154 entry concerns the LakeWeb Filemail CGI script. The vulnerability arises when a recipient email address can include shell metacharacters, enabling remote command execution via the CGI script. The issue is rooted in improper handling of email input in the CGI component, with a ne...
CVE-1999-1381
Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands...
Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure
Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure source: https://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI script...
Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI scripts. A vulnerability exists in Power Up HTML which allows directory traversa...
CVE-2001-0689
CVE-2001-0689 affects Trend Micro Virus Control System 1.8, where a remote attacker can view and modify configuration via a specific CGI program. The NVD entry documents a high-severity issue (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P). The connected documents do not provide concrete exp...
CVE-2001-0689
Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program...
Retrieving CGI source text in Bad Blue (source code retrieval)
By appending 00 to the name of a PHP or CGI file, its source code can be obtained...
store.cgi.txt
Hi comrades: I write about a vulnerability in /cgi-bin/Store/store.cgi -- This is part of a software that Key to the web http://www.keyweb.com uses for her "e-commerce solutions". In her page you can find a list of possible webs with this vulnerability but you must be faster because can be early...
SuSE Support Data Base sdbsearch.cgi Arbitrary Command Execution
SuSE CGI 'sdbsearch.cgi' is installed. This CGI allows a local and possibly remote user to execute arbitrary commands with the privileges of the HTTP server...
NetCode NC Book book.cgi current Parameter Arbitrary Command Execution
The CGI 'book.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon...