CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration 1 source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full...

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (2)

CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration 2 source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a...

CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)

source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:...

CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (1)

source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:...

CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)

source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing...

everythingform.txt

Content-Type: Remote Root via vulnerible CGI software Date : 13/08/2000 Sender : s1gnal9 Subject : everythingform.cgi Vulnerible CGI X-System : UNIX/NT systems running the everythingform.cgi CGI software X-Status : s1gnal9-ADVISORY-everythingform.txt X-Greets : Narr0w, f0bic, VetesGirl PRODUCT...

form-totaller.txt

Content-Type: Remote Root via vulnerible CGI software Date : 13/08/2000 Sender : s1gnal9 Subject : form-totaller Vulnerible CGI X-System : UNIX/NT systems running the form-totaller CGI software X-Status : s1gnal9-ADVISORY-form-totaller.txt X-Greets : Narr0w, f0bic, VetesGirl PRODUCT NAME:...

wais.pl.advisory.txt

Wais.pl parameter passing security problem + Another fine advisory by Scrippie |============================================| Cheers to: zsh, Synnergy, phreak.nl | Lots of Love to: Maja, Hester | --- The CGI --- The wais.pl CGI written by Tony Sanders provides means to access the waisq WAIS...

Security Bulletin (MS00-057)

Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...

Переполнение буфера в Statistics Server

Переполнение буфера в одном из CGI-компонентов позволяет выполнение кода с привилегией сервера...

Дырка в AnalogX Simple Server

Запрос к длинному имени файла в каталоге cgi-bin приводит к краху сервера...

WebSite Pro webfind.exe keywords Parameter Remote Overflow

The 'webfind.exe' CGI script on the remote host is vulnerable to a buffer overflow when given a too long 'keywords' argument. This problem allows an attacker to execute arbitrary code as root on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Дырки в Alibaba

Стандартный CGI-Скрипт позволяет выполнение любых приложений...

CVE-2000-0627

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as userupdatepasswd.pl and userupdateadmin.pl...

alibaba.txt

Application: Alibaba 2.0 Problem Type: Multiple Problems3 Author: Prizm Platforms: Windows 95/98/NT Vendor Status: Not Informed Vendor Website: http://csm.alcyonis.fr Product Description ------------------- Alibaba is a fully functional http server for windows 95/98/NT. It supports cgi among many...

Computer Software Manufaktur Alibaba 2.0 - Piped Command

Computer Software Manufaktur Alibaba 2.0 - Piped Command source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine...

Computer Software Manufaktur Alibaba 2.0 - Piped Command

source: https://www.securityfocus.com/bid/1485/info Alibaba Web Server fails to filter piped commands when executing cgi-scripts. This can be used to execute commands with the privileges of the web server process on a target machine. http://victim/cgi-bin/post32.exe|echo%20c:\text.txt...

Virtual Visions FTP ftp.pl dir Parameter Traversal Arbitrary File Access

The remote ftp server contains a CGI script that provides and HTML interface. This CGI script contains a vulnerability that an attacker can use to get the listing of the content of arbitrary directories. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

poll_it.txt

The CGI is available from: http://www.cgi-world.com/pollit.html The bug takes place when calling the CGI and passing it parameters that overwrite settings initialized in the CGI: /cgi-bin/pollit/PollItSSIv2.0.cgi?datadir=/etc/passwd%00 Because the CGI initializes it's internal variables before...

CVE-2000-0424

The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters...