9784 matches found
CVE-2000-1110
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program...
CVE-2000-1186
CVE-2000-1186 describes a buffer overflow in the phf CGI program that allows remote command execution by supplying a large number of arguments and a long MIME header. The NVD entry lists a network attack vector, low complexity, no authentication, and partial CIA impact with a base score of 7.5 (H...
EUVD-2000-1171
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header...
CVE-2000-1186
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header...
CVE-2000-1092
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter...
CVE-2000-0923
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...
CVE-2000-0977
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter...
CVE-2000-0952
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2000-0912
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter...
CVE-2000-0924
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. dot dot attack in the "catigory" parameter...
CVE-2000-0944
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password...
CVE-2000-1176
CVE-2000-1176 describes a directory-traversal vulnerability in YaBB’s search.pl CGI script, permitting remote attackers to read arbitrary files by abusing a .. (dot dot) input in the catsearch form field. The issue is documented for YaBB SE configurations, including references to older plugins th...
CVE-2000-1110
CVE-2000-1110 affects the IBM Net.Data db2www package: the document.d2w CGI program can be probed to reveal the web server’s physical path when a nonexistent command is sent. This is a path disclosure weakness, with partial impact on confidentiality reported (base score 5.0, MITRE ATT&CK not spec...
NSFOCUS SA2000-09 : AHG EZshopper Loadpage.cgi File List Disclosure Vulnerability
NSFOCUS Security Advisory SA2000-09 Topic: AHG EZshopper Loadpage.cgi File List Disclosure Vulnerability Release Date: Dec 13th, 2000 CVE Candidate Numbers: CAN-2000-1092 Affected system: ================ Alex Heiphetz Group EZshopper v.3.0 for Unix Alex Heiphetz Group EZshopper v.2.0 for Unix...
ezmlm-cgi/ezmlm-idx-0.40 security advisory
Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....
More holes in CGI
Insufficient validation of user input leads to various unpleasant consequences...
Hole in ezmlm-cgi
A user can specify their own configuration file and execute arbitrary commands...
(SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...
Holes in mailman webmail
Classic perl CGI holes when working with files...
SRADV00005.txt
================================================= Secure Reality Pty Ltd. Security Advisory 5 SRADV00005 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in MailMan Webmail Released 6/11/2000 Vulnerable All 3.x versio...