9784 matches found
PerlCal (CGI) show files vulnerability
whizkunde security advisory: PerlCal CGI http://www.whizkunde.org | [email protected] ---------------------------------------------------------- Release date: April 27th 2001 Subject: PerlCal CGI security problem Systems affected: *NIX (not Windows) systems running PerlCal CGI script Vendor:...
More holes in CGI
Directory traversal, world-readable passwords...
More holes in CGI
Various problems in CGI applications allow code execution...
PHP-Nuke opendir.php Traversal Arbitrary File Read
The remote host has the CGI 'opendir.php' installed. This CGI allows anyone to read arbitrary files with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10655; scriptversion"1.26"...
processit CGI Environment Variable Remote Information Disclosure
The 'processit' CGI is installed. processit normally returns all environment variables. This gives an attacker valuable information about the configuration of your web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...
IBM Websphere/Net.Commerce 3 - CGI-BIN Macro Denial of Service
IBM Websphere/Net.Commerce 3 - CGI-BIN Macro Denial of Service source: https://www.securityfocus.com/bid/2588/info Net.Commerce is part of the Websphere platform of products distributed by IBM. Net.Commerce provides several versatile features to facilitate e-commerce, and features in performance a...
IBM Websphere/Net.Commerce 3 - CGI-BIN Macro Denial of Service
source: https://www.securityfocus.com/bid/2588/info Net.Commerce is part of the Websphere platform of products distributed by IBM. Net.Commerce provides several versatile features to facilitate e-commerce, and features in performance and reliability. A problem in the Net.Commerce package could...
CGI - nph-maillist.pl vulnerability...
Hello BuGReaders... Script: nph-maillist.plcgi Introduction: cat from source .................................................................... Created by: Matt Tourtillott URL: www.marketrends.net email [email protected] The email list generator is a web interfaced script that allows the...
More holes in CGI
Insufficient validation of user input when calling an external program...
nph-maillist 3.0/3.5 - Arbitrary Code Execution
nph-maillist 3.0/3.5 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the...
talkback.txt
whizkunde security advisory: talkback CGI http://www.whizkunde.org | [email protected] ---------------------------------------------------------- Release date: April 9th 2001 Subject: talkback.cgi security problem Systems affected: UNIX systems running talkback CGI script Vendor:...
More bugs in CGI (buffer overflow, directory traversal)
Classic buffer overflow in crazywwwboard, directory traversal in webspirs, talkback...
nph-maillist 3.0/3.5 - Arbitrary Code Execution
source: https://www.securityfocus.com/bid/2563/info nph-maillist is a Perl CGI script that handles mailing lists, typically used to notify interested users of site updates. A hostile user can enter commands embedded in an email address via the subscription form, and then force a mailing which wil...
CVE-2001-0307
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist...
CVE-2001-0291
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters...
CVE-2001-0291
CVE-2001-0291 describes a buffer overflow vulnerability in a post-query sample CGI program. The flaw allows remote attackers to execute arbitrary commands by sending an HTTP POST request containing at least 10001 parameters. The NVD entry lists a high impact (base score 10.0) with complete confid...
CVE-2001-0307
CVE-2001-0307 affects Bajie HTTP JServer 0.78 and other versions before 0.80. The vulnerability allows remote command execution via shell metacharacters in an HTTP request for a CGI program that does not exist. NVD lists a CVSS v2 base score of 7.5 (HIGH) with network access, no authentication, and partia...
uStorekeeper ustorekeeper.pl file Parameter Traversal Arbitrary File Access
The 'ustorekeeper.pl' CGI script installed on the remote host allows an attacker to read arbitrary files subject to the privileges of the http daemon (usually root or nobody). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...
Anaconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access
The CGI script 'anacondaclip', which comes with anacondaclip.pl, is installed on this machine. This CGI has a well-known security flaw that allows an attacker to read arbitrary files on the remote system with the privileges of the HTTP daemon (usually root or nobody). %NASLMINLEVEL 70300 C Tenable...
Hole in CGI pwc (format string bug)
Format string bug when working with syslog...