9784 matches found
Security advisory for analog
SECURITY ADVISORY 13th February 2001 ---------------------------------------------------------------------- Program: analog logfile analysis program Versions: all versions except 4.16 and 4.90beta3 Operating systems: all ---------------------------------------------------------------------- There...
Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access
The 'commerce.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10612;...
ROADS search system "show files" Vulnerability with "null bite" bug
Name: ROADS search system "show files" Vulnerability with "null bite" bug Date: 29.01.2001 About: The search.pl program is a Common Gateway Interface CGI program used to provide an end user search front end to ROADS databases. When accessed with no CGI query, the program can return an HTML form t...
Muscat Empower CGI Malformed DB Parameter Path Disclosure
The remote host appears to be running Muscat Empower. It was possible to get the physical location of a virtual web directory by issuing the following command : GET /cgi-bin/empower?DB=whatever HTTP/1.0 A remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 C...
PALS Library System WebPALS pals-cgi Multiple Vulnerabilities
The 'pals-cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
Way-board way-board.cgi db Parameter Arbitrary File Access
The 'way-board' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10610;...
CVE-2001-0023
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...
CVE-2001-0024
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter...
CVE-2001-0025
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2001-0086
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...
HSWeb HTTP Server /cgi Directory Request Path Disclosure (deprecated)
It is possible to request the physical location of the remote web root by requesting the folder '/cgi'. An attacker can exploit this flaw to gain more knowledge about this host. This plugin has been deprecated. Webmirror3 plugin ID 10662 will identify a browsable directory. %NASLMINLEVEL 999999 C...
CVE-2001-0025
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2001-0086
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter...
CVE-2001-0023
CVE-2001-0023 affects the everythingform.cgi CGI program by Leif Wright. It allows a remote attacker to execute arbitrary commands via shell metacharacters in the config parameter. The available documents do not specify affected versions, root cause details beyond this description, or any provide...
CVE-2001-0023
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...
CVE-2001-0024
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter...
SUBMISSION - multiple vulnerabilities in Prospero 1.3.5 CGI
= Warped Force Advisory = Author: darkyoda [email protected] Subject: Multiple vulnerabilities in Prospero 1.3.5 CGI Discovered: 12.15.00 Announced: 2.1.01 Vendor Status: Maintainer notified 12.27.00. New version released. Current version is 1.3.7 Platforms: Any web server capable of running...
Дырка в Prospero 1.3.5 CGI
Многочисленные локальные дырки, недостаточно длинные пин-коды и т.д...
Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability
Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow Vulnerability Jin Ho You, [email protected] 1 Discussion CrazyWWWBoardhttp://www.crazywwwboard.com is a web bulletin board program written in C/C++. Insufficient boundary checking exists in the qDecoder CGI library code which...
iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read
The 'hsx.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescripti...