CVE-2000-0944

The CVE-2000-0944 issue affects CGI Script Center News Update 1.1. The vulnerability is in the password change flow where the original news administration password is not properly validated, enabling remote attackers to modify the password without knowing the original. Impact is unauthenticated r...

CVE-2000-0868

The CVE-2000-0868 issue affects Apache 1.3.12 on SuSE Linux 6.4 where the default configuration exposes CGI script source code. The vulnerability arises because /cgi-bin/ requests can be rewritten to /cgi-bin-sdb/, which is an Alias of /cgi-bin, enabling remote attackers to disclose source code o...

Дырка в CGI wwwwais

Классическое переполнение буфера...

wwwwais QUERY_STRING Parameter Remote Overflow

The 'wwwwais' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

Очередные дырки в CGI

Некорректные файловые разрешения...

UltraBoard cgi directory permission problem

Hacksware Bug Report 1. Name: UltraBoard cgi directory permission problem 2. Release Date: 2001.1.12 3. Affected Application: UltraBoard 2000 Personal Edition Version 2.11 http://www.ub2k.com/downloads/UB211PEB1.zip 4. Author: [email protected] 5. Type: Configuration Error 6. Explanation In defau...

IIS 5.0 allows viewing files using %3F+.htr

Georgi Guninski security advisory 33, 2001 IIS 5.0 allows viewing files using 3F+.htr Systems affected: IIS 5.0 patched against the file fragment reading vulnerability Risk: Medium Date: 8 January 2001 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may distribute it...

CVE-2000-1110

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...

CVE-2000-1132

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...

CVE-2000-1186

Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header...

CVE-2000-1176

Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. dot dot attack in the "catsearch" form field...

Informix webdriver CGI Unauthenticated Database Access

The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...

eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution

eXtropia bbsforum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly...

Очередные дырки в CGI

No description provided...

Дырка в CGI Ikonboard

Классические ошибки perl CGI...

Technote main.cgi filename Parameter Traversal Arbitrary File Access

The technote CGI board is installed. This board has a well known security flaw in the CGI main.cgi that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

DCForum dcboard.cgi Multiple Vulnerabilities

The DCForum dcboard.cgi script is installed. This CGI has some well known security flaws, including one that lets an attacker execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...

Очередные дырки в CGI

No description provided...

Input validation error in quikstore.cgi allows attackers to execute commands

Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...

CVE-2000-1110

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...