CVE-2000-0677
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATHINFO environmental variable...
CVE-2000-0627
BlackBoard CourseInfo 4.0 is affected by an authentication flaw that allows local users to modify CourseInfo database information and gain privileges by directly calling supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. The provided documents do not include remediati...
CVE-2000-0282
The CVE-2000-0282 issue affects TalentSoft Web+ WebPlus CGI (webplus) used in the Web+ shopping cart. The vulnerability is a traversal flaw in the webplus CGI that allows remote attackers to read arbitrary files by using a .. (dot dot) path traversal in the CGI request (e.g., /cgi-bin/webplus?scr...
CVE-2000-0063
CVE-2000-0063 affects the Nortel Contivity HTTP server via the cgiproc CGI script, which allows remote attackers to read arbitrary files by passing a filename parameter. This points to an uncontrolled file access flaw in the CGI handler, enabling partial confidentiality impact. The available docu...
CVE-2000-0588
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands...
CVE-2000-0063
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...
CVE-2000-0511
CVE-2000-0511 concerns CUPS (Common Unix Printing System) 1.04 and earlier, where a remote attacker can cause a denial of service by sending a CGI POST request. The vulnerability affects the CUPS CGI handling path and is described as a remote DoS with no confidentiality or integrity impact, and p...
CVE-2000-0064
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters...
CVE-2000-0521
Savant web server vulnerability CVE-2000-0521 allows remote disclosure of CGI source by requesting the original CGI form. The OpenVAS NASL description: “Savant original form CGI access” states that attackers can download the unprocessed CGI, exposing sensitive information stored inside those scri...
CVE-2000-0627
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl...
CVE-2000-1204
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root...
CVE-2000-0670
CVE-2000-0670 affects CVSWeb 1.80. The cvsweb CGI script allows remote attackers with write access to a CVS repository to execute arbitrary shell commands. This is a local-style attack vector with the attacker authenticated to the CVS repository, and the impact is arbitrary command execution in t...
CVE-2000-0639
The issue affects Big Brother 1.4h2 and earlier; default configuration lacks proper access restrictions, enabling remote upload of a file via bbd that can be executed as a CGI script by the web server, allowing remote command execution. CVSS2 base impact is high (7.5). No remediation details are ...
CVE-2000-0521
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number...
Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source
A security problem for users of the mass virtual hosting module, mod_vhost_alias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...
Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure
(Source: https://www.securityfocus.com/bid/1807/info) OatMeal studios' Mail-File is a CGI application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that...
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
The remote web server is hosting eXtropia WebStore, a shopping cart application. The installed version allows an attacker to read arbitrary files via a .. (dot dot) attack on the page parameter. This script was written by Thomas Reinke. See the Nessus Scripts License for details...
Bytes Interactive Web Shopper shopper.cgi Traversal Arbitrary File Access
The remote host is running Byte's Interactive Web Shopper, a shopping cart application. The installed version allows for retrieval of arbitrary files from the web server. This script was written by Thomas Reinke. See the Nessus Scripts License for details. Changes by...
thttpd ssi: retrieval of arbitrary world-readable files
thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files. Date: October 2, 2000. Application: thttpd 2.19 and before. Author: ghandi. Vendor Status: merged patches into thttpd 2.20. Fix: upgrade to thttpd 2.20. 1. Description...
Hole in thttpd (ssi CGI file retrieval)
By using an absolute path in the ssi CGI script, it is possible to gain access to any accessible file on the system...