9784 matches found

Tenable Nessus
added 2001/03/25 12:0 a.m., 96 views

Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access

The 'store.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10639;...

5 CVSS, 5.4 AI score, 0.06476 EPSS
Exploits 1, References 2
securityvulns
added 2001/03/20 12:0 a.m., 31 views

Another hole in WebSite Pro

CGI directories are writable by default. The server ships with a program that allows files to be uploaded to the server. In addition, for a certain request the server reveals the path to local files, which taken together makes it possible to upload and execute any file on the server...

0.4 AI score
Exploits 0, References 2, Affected Software 1
securityvulns
added 2001/03/20 12:0 a.m., 20 views

Aspseek Buffer Overflow

Product: Aspseek Search Engine. Vendor URL: www.aspseek.org. Tested on: v1.0.0 - v1.0.3 Freeware Linux. Vendor Contact: Mailed on 8th March NO Reply Vendor Patched though. The Problem,...

7.6 AI score
Exploits 0
NVD
added 2001/03/12 5:0 a.m., 17 views

CVE-2001-0135

The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs...

2.1 CVSS, 6.5 AI score, 0.00339 EPSS
Exploits 0, References 2
securityvulns
added 2001/03/12 12:0 a.m., 38 views

Holes in the Iconboard CGI

Directory traversal combined with a NULL-byte bug makes it possible to obtain the contents of any file...

0.4 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2001/03/11 12:0 a.m., 28 views

Remote buffer overflow condition in post-query (CGI).

The overflow condition is very easily exploitable, since the code actually supplies the pointer to the exploit code itself, odd as it may seem. The pointer thusly does not need to be second-guessed at all, making life much easier for crackers. Code excerpts; ... define MAXENTRIES 10000 typedef...

Exploits 0
securityvulns
added 2001/03/11 12:0 a.m., 47 views

Bug in the post-query CGI

Buffer overflow...

0.4 AI score
Exploits 0, References 1
CVE
added 2001/03/09 5:0 a.m., 49 views

CVE-2001-0224

CVE-2001-0224 affects the Muscat Empower CGI program. A remote attacker can cause disclosure of the server’s absolute pathname via an invalid request in the DB parameter. The issue is demonstrated by a misleading DB parameter in a GET request to the CGI (e.g., GET /cgi-bin/empower?DB=whatever), w...

5 CVSS, 6.6 AI score, 0.07315 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2001/03/09 5:0 a.m., 21 views

CVE-2001-0224

Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter...

6.6 AI score, 0.07315 EPSS
Exploits 1, References 3
Cvelist
added 2001/03/09 5:0 a.m., 17 views

CVE-2001-0210

Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter...

6.6 AI score, 0.06548 EPSS
Exploits 1, References 2
Exploit DB
added 2001/03/09 12:0 a.m., 28 views

Free Online Dictionary of Computing 1.0 - Remote File Viewing

source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and submit requests for files readable by the webserver, as well as...

7 AI score
Exploits 0
exploitpack
added 2001/03/09 12:0 a.m., 15 views

Free Online Dictionary of Computing 1.0 - Remote File Viewing

source: https://www.securityfocus.com/bid/2484/info A vulnerability exists in a CGI script called "The Free Online Dictionary of Computing". Due to a failure to properly validate user supplied input, a remote attacker can compose and...

0.3 AI score
Exploits 0
Tenable Nessus
added 2001/03/08 12:0 a.m., 38 views

ROADS search.pl form Parameter Traversal Arbitrary File Access

The 'search.pl' CGI from ROADS is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription...

5 CVSS, 5.7 AI score, 0.07476 EPSS
Exploits 1, References 1
securityvulns
added 2001/02/20 12:0 a.m., 232 views

CGI - mailnews.cgi vulnerability...

Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author doesn't parse some characters and he uses a very stupid "password protection". We can add or delete users from maillist...

7.5 AI score
Exploits 0
Tenable Nessus
added 2001/02/17 12:0 a.m., 30 views

WebSPIRS webspirs.cgi Traversal Arbitrary File Access

The remote host is running WebSPIRS, SilverPlatter's Information Retrieval System for the web. The installed version of WebSPIRS has a well-known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). %NASLMINLEVEL 70300 This script...

5 CVSS, 5.7 AI score, 0.06548 EPSS
Exploits 1, References 2
Tenable Nessus
added 2001/02/15 12:0 a.m., 35 views

W3.org Anaya Web sendtemp.pl 'templ' Parameter Traversal Arbitrary File Access

The 'sendtemp.pl' CGI is installed. This CGI has a well known security flaw that allows an attacker to read arbitrary files with the privileges of the HTTP daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10614;...

5 CVSS, 5.7 AI score, 0.03114 EPSS
Exploits 1, References 1
Exploit DB
added 2001/02/15 12:0 a.m., 27 views

Bajie WebServer 0.78/0.90 - Remote Command Execution

source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These uploaded scripts are placed in known destination...

7.4 AI score
Exploits 0
exploitpack
added 2001/02/15 12:0 a.m., 15 views

Bajie WebServer 0.78/0.90 - Remote Command Execution

source: https://www.securityfocus.com/bid/2388/info It is possible to execute arbitrary commands on a host running Bajie Webserver. A remote user can use Bajie's built-in upload feature to place malicious scripts on Bajie webservers. These...

Exploits 0
Cvelist
added 2001/02/14 5:0 a.m., 23 views

CVE-2001-0135

The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs...

6.5 AI score, 0.00339 EPSS
Exploits 0, References 2
securityvulns
added 2001/02/14 12:0 a.m., 30 views

More bugs in CGI

Various directory traversal bugs that make it possible to gain access to files...

0.3 AI score
Exploits 0, References 8, Affected Software 2