Sean MacGuire Big Brother 1.0/1.3/1.4 - CGI File Creation

source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. ./bb 1.2.3.4...

[SNS Advisory No.29] Trend Micro Virus Control System(VCS) Unauthenticated CGI Usage Vulnerability

SNS Advisory No.29 Trend Micro Virus Control SystemVCS Unauthenticated CGI Usage Vulnerability Problem first discovered: 25 May 2001 Published: 7 Jun 2001 Last Updated: 7 Jun 2001 ---------------------------------------------------------------------- Overview -------- The vulnerability was found ...

CVE-2001-0224

Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter...

CVE-2001-0210

Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. dot dot attack in the page parameter...

CVE-2001-0214

Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte...

[SNS Advisory No.28]InterScan VirusWall for NT remote configuration

SNS Advisory No.28 InterScan VirusWall for NT remote configuration Problem first discovered: Thu, 24 May 2001 Published: Thu, 31 May 2001 Last Updated: Thu, 31 May 2001 ---------------------------------------------------------------------- Overview -------- Trend Micro InterScan VirusWall for...

directorypro.cgi , directory traversal

cgi-script directorypro.cgi is vulnerable to a directory traversal. http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd00 I didn't looked at the source of the script but it is probably a script wat normally puts an extension to the requested file. But bij putting the 00...

Directory Pro Traversal Arbitrary File Access

The CGI 'directorypro.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

CVE-2001-0432

The vulnerability CVE-2001-0432 affects Trend Micro Interscan VirusWall 3.01 through its remote administration CGI interface. Multiple CGI programs may overflow when given crafted inputs, allowing remote attackers to execute arbitrary commands. OpenVAS/Nessus entries also describe unauthenticated...

Очередные дырки в CGI

No description provided...

mimanet source viewer 2.0 - Directory Traversal

mimanet source viewer 2.0 - Directory Traversal source: https://www.securityfocus.com/bid/2762/info MIMAnet Source Viewer is a freely available CGI script which allows users to view the source code of files located elsewhere on the server. Source Viewer accepts an argument, 'loc', which it uses a...

sa2001_02.txt

NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (2)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 2 // source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request...

DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)

DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...

Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (2)

// source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (8)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 8 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (6)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 6 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (4)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 4 // source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (3)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 3 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (7)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 7 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...