Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities
The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10712...
Roxen security alert: URL decoding vulnerable
Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...
Omnicron OmniHTTPd 2.0.7 - File Corruption Command Execution
source: https://www.securityfocus.com/bid/2211/info OmniHTTPD is a compact Windows based web server by Omnicron Technologies. OmniHTTPD has various features including multiple domain support, keep-alive connections, supports virtual IP...
Sambar Server pagecount CGI Traversal Arbitrary File Overwrite
By default, there is a pagecount script with Sambar Web Server located at http://sambarserver/session/pagecount This counter writes its temporary files in c:\sambardirectory\tmp. It allows overwriting any file on the filesystem since the 'page' parameter is not checked against '../../' attacks...
CVE-2001-1024
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument...
multiple vulnerabilities in un-cgi
I recently found a number of vulnerabilities in the CGI wrapper program 'uncgi'. I was amazed to find out this was never reported before at least; the archives don't show it. Description ----------- Un-CGI is a little program that parses options in i.e. QUERY_STRING and starts a CGI script. Since a...
More holes in CGI
Ability to retrieve any file via directory traversal...
CVE-2001-1241
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "!" and the desired program name...
CVE-2001-1242
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form...
Lotus Domino vulnerable to a denial of service via DOS device request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial-of-service situation on the Windows and OS/2 Platforms. Description With the Lotus Domino Web Server, you can access DOS-devices. If this is done through the cgi-bin directory, a ncgihttp.exe process wi...
QDAV-2001-7-1
Multiple CGI Flat File Database Manipulation Vulnerability qDefense Advisory Number QDAV-2001-7-1 Product: Numerous CGI's Vendor: Numerous Vendors Severity: Remote; Severity varies, but can often be...
CVE-2001-0436
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program...
Advisory Ghttp 1.4
Advisory "Ghttpd 1.4" Authors: Lionel & Gangstuck Contact: [email protected], [email protected] WEB: www.secu-fr.org, www.clickmicro.com IRC: :secu-fr clickmicro /...
File access, remote execution in gntasweb (unauthorized access)
Classic Perl CGI bugs...
Active Classifieds 1.0 - Arbitrary Code Execution
source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds that may allow remote users to perform some...
Tarantella Enterprise ttawebtop.cgi pg Parameter Traversal Arbitrary File Access
The 'ttawebtop.cgi' CGI is installed. The installed version is affected by multiple flaws : - It is possible to read arbitrary files from the remote system by including directory traversal strings in the request. - It may be possible for an attacker to execute arbitrary commands with the privileg...
More holes in CGI
Directory traversal...
Tarantella Enterprise 3 3.x - 'TTAWebTop.cgi' Arbitrary File Viewing
source: https://www.securityfocus.com/bid/2890/info Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions. ttawebtop.cgi is a CGI script included with the Tarantella,...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"
Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...
Sean MacGuire Big Brother 1.01.31.4 - CGI File Creation
source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly...