Endymion MailMan 3.0.x - Arbitrary Command Execution

Endymion MailMan 3.0.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of t...

ezmlm-cgi

Package : ezmlm-0.53 and below ezmlm-cgi Announced: 2000-12-05 Ezmlm is an easy to use mailing list manager for qmail. It ships with a cgi application to allow for list archiving and reviewal over the web. Documentation states that the cgi should be installed suid root, but in real world...

PHF (Linuxx86) - Remote Buffer Overflow

PHF Linuxx86 - Remote Buffer Overflow / | phx.c -- phf buffer overflow exploit for Linux-ix86 | Copyright c 2000 by proton. All rights reserved. | | This program is free software; you can redistribute it and/or modify | it under the terms of the GNU General Public License as published by | the Fr...

Дырка в IBM Net.Data

Классическое переполнение буфера в CGI db2www при обработке PATHINFO...

IBM Net.Data 7.0 - Full Path Disclosure

source: https://www.securityfocus.com/bid/2017/info IBM Net.Data is a scripting language used to create web applications, it supports a wide range of language environments and is compatible with most recognized databases. Net.Data contains a vulnerability which reveals server information...

[Update] NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability

NSFOCUS Security AdvisorySA2000-07 Topic: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability Release DateЈє Nov 7th, 2000 Update DateЈє Nov 23rd, 2000 CVE Candidate Numbers: CAN-2000-0886 BUGTRAQ ID : 1912 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Impact:...

Markus Triska CGIForum 1.0 - thesection Directory Traversal

Markus Triska CGIForum 1.0 - thesection Directory Traversal source : https://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input to the...

FreeBSD-SA-00:73.thttpd

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:73 Security Advisory FreeBSD, Inc. Topic: thttpd allows remote reading of local files Category: ports Module: thttpd Announced: 2000-11-20 Credits: [email protected]...

BB4 Big Brother Network Monitor 1.5 d2 - 'bb-hist.sh?HISTFILE' File Existence Disclosure

source : https://www.securityfocus.com/bid/1971/info Big Brother Network Monitor is a robust, feature rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account guessing. The problem occurs in the Common Gateway Interface package included with Big...

ListMail 112 - Command Execution

ListMail 112 - Command Execution !/usr/bin/perl -w Listmail v112 by P.M.Systems / PoC Exploit Listmail is a powerful, hands-free mailing list manager which is exploitable due to an insecure open call. This exploit will attempt to bind a shell at port 60179/fido by using inetd. Code to spawn an...

Дырка в dnstool CGI

Некорректная замена метасимволов может привести к возможности удаленного выполнения команд...

Poll It CGI v2.0 exploit

Exploit for cgi platform in category web applications ======================== Poll It CGI v2.0 exploit ======================== !/usr/bin/perl Poll It CGI v2.0 exploit shouts to modjo, p, zen, kd, ab, all the script kiddies. use Socket; $host, $cgiloc = @ARGV0,1; $ip=inetaton$host; print"\n\t+--...

Cgisecurity.com advisory on dcforum

The staff of cgisecurity.com have found a remote input validation error in the dcforum cgi script. NOTE: The vendor was very quick to issue a patch on this and becuase of this i decided to release it so soon after finding it. Below is a paste of the advisory. -zenomorph Cgi Security Advisory 2...

Дырка в CGI dcforum

Можно получить доступ к любому файлу...

Poll It CGI 2.0 - Multiple Vulnerabilities

Poll It CGI 2.0 - Multiple Vulnerabilities !/usr/bin/perl Poll It CGI v2.0 exploit keelis/havoc korp 2000 shouts to modjo, p, zen, kd, ab, all the script kiddies. keelisathushmaildotcom use Socket; $host, $cgiloc = @ARGV0,1; $ip=inetaton$host; print"\n\t+--- Poll It CGI v2.0 exploit ---+";...

Poll It CGI 2.0 - Multiple Vulnerabilities

!/usr/bin/perl Poll It CGI v2.0 exploit keelis/havoc korp 2000 shouts to modjo, p, zen, kd, ab, all the script kiddies. keelisathushmaildotcom use Socket; $host, $cgiloc = @ARGV0,1; $ip=inetaton$host; print"\n\t+--- Poll It CGI v2.0 exploit ---+"; print"\n\t+--- keelis/havoc korp 2000 ---+\n\n\n"...

CVE-2000-0868

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...

CVE-2000-0877

mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attachfile parameter, which MailForm then sends to the attacker...

CVE-2000-0832

Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter...

CVE-2000-0878

The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field...