9784 matches found
McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure
McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure source : https://www.securityfocus.com/bid/1932/info Cart32 is a shopping cart application for e-commerce enabled sites. Cart32 contains a vulnerability which reveals server information. Requesting a specially crafted URL, by wa...
McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure
source : https://www.securityfocus.com/bid/1932/info Cart32 is a shopping cart application for e-commerce enabled sites. Cart32 contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, will reveal the physical path to the web ro...
NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
NSFOCUS Security Advisory SA2000-07 Topic: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability Release Date: Nov 7th, 2000 CVE Candidate Numbers: CAN-2000-0886 BUGTRAQ ID : 1912 Affected system: ================ - Microsoft IIS 4.0 SP6 - Microsoft IIS 5.0 Not affected system:...
Holes in YaBB search.pl
Classic Perl CGI mistakes allow access to any file and execution of arbitrary applications...
FreeBSD-SA-00:64.global
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:64 Security Advisory FreeBSD, Inc. Topic: global port allows remote compromise through CGI script Category: ports Module: global Announced: 2000-11-06 Credits: Shigio...
FreeBSD-SA-00:60.boa
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:60 Security Advisory FreeBSD, Inc. Topic: boa web server allows arbitrary file access/execution Category: ports Module: boa Announced: 2000-10-30 Credits: Lluis Mora...
Hole in CGI News Update
The password can be changed without knowing the original password...
Security Advisory YYYY-NNN
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-014 ================================= Topic: Global-3.55 allows world-wide executable cgi. Version: any before 4.01 Severity: permits remote execution of arbitrary shell commands Abstract ======== When using the CGI interface of the...
Hole in Global
Insufficient parsing of shell metacharacters in a CGI script allows command execution on the server...
CVE-2000-0686
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the fromfile parameter...
CVE-2000-0687
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. dot dot attack in the catdir parameter...
CVE-2000-0696
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script...
auction.weaver.txt
File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 -------------------------------------------------------------- Title: File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 Author: Steve Christey [email protected] Date Published: October 16, 2000 Product Name: Auction Weaver...
IIS HACKING
Hi Folks, I have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server. Any comment, suggestion or insult...? Welcome MAB- SECURING IIS by BREAKING ===================================================== by Mount Ararat Blossom 9/15/2000...
CVE-2000-0832
Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter...
CVE-2000-0832
CVE-2000-0832 affects the htgrep CGI script. The issue is an information-disclosure vulnerability: remote attackers can read arbitrary files by supplying a full pathname in the hdr parameter via the web server, exposing sensitive data. The vulnerability is exploitable over network through the htg...
web_store-cgi.txt
Exploit: http://example.com/cgi-bin/Webstore/webstore.cgi?page=../../../../../../../../etc/passwd%00.html...
CVE-2000-0511
CUPS Common Unix Printing System 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request...
CVE-2000-0639
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server...
CVE-2000-0670
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters...