CVE-2000-0473

Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory...

CVE-2000-0564

The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter...

CVE-2000-0411

CVE-2000-0411 concerns Matt Wright’s FormMail CGI script. The vulnerability allows remote attackers to obtain environmental variables via the env_report parameter, potentially exposing sensitive system information. Connected PT-2000-1353 notes affected versions are not specified and provides no f...

CVE-2000-0424

The CVE-2000-0424 entry concerns the CGI Counter 4.0.7 (by George Burgyan) and describes remote command execution via shell metacharacters. The connected documents corroborate that the vulnerability arises from improper handling of shell metacharacters in the CGI Counter 4.0.7 interface, enabling...

CVE-2000-0674

ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. dot dot attack...

Big Brother bb-hostsvc.sh 'HOSTSVC' Parameter Traversal Arbitrary File Access

The version of Big Brother running on the remote host is affected by a directory traversal vulnerability in the 'HOSTSVC' parameter of the 'bb-hostsvc.sh' CGI. A remote attacker can exploit this to read sensitive information from the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Poll It CGI data_dir Parameter Arbitrary File Access

'PollItSSIv2.0.cgi' is installed. This CGI has a well known security flaw that lets an attacker retrieve any file from the remote system, e.g. /etc/passwd. %NASLMINLEVEL 70300 This script was written by Thomas Reinke See the Nessus Scripts License for details Changes by Tenable: - attempt to read...

Дырка в CGI PollIt

Классическое сочетание дырок - обратный путь в директориях, "ядовитый 0" и др. приводят в к возможности доступа к любому файлу: /cgi-bin/pollit/PollItSSIv2.0.cgi?datadir=/etc/passwd00...

Дырка в Pollit CGI

Используя "ядовитый NUll" можно получить любой файл с сервера:http://www.targethost.com/pollit/PollItv2.0.cgi?datadir=etcpasswd00...

Pollit CGI-script opens doors!

Description: Bug in PollItSSIv2.0.cgi reveals info. Compromise: Accessing files that arn't in the web-dir. Vulnerable Systems: Pollit v2.0 only tested version. Details: When you run the Pollit CGI script ALL your world readable files could be accessed by any web user, for example your /etc/passwd...

Vulnerability in Poll_It cgi v2.0

This has already been sent to securityfocus.com and cgi-world.com. It is now listed at securityfocus.com at http://www.securityfocus.com/bid/1431. Original email that I sent is below: The CGI is available from: http://www.cgi-world.com/pollit.html The bug takes place when calling the CGI and...

CGI-World Poll It 2.0 - Internal Variable Override

CGI-World Poll It 2.0 - Internal Variable Override source: https://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote us...

CGI-World Poll It 2.0 - Internal Variable Override

source: https://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote user by specifying the new value as a variable in the...

CVE-2000-0588

SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands...

NetWin dMailWeb Unrestricted Mail Relay

Product: NetWin dMailWeb Type: Unrestricted Mail Relay Severity: Moderate Versions: = 2.6g: Case A All, configuration error: Case B Note: NetWin cwMail also appears vulnerable to the same attacks, and appears to be using exactly the same version numbers. --- Overview dMailWeb is a CGI application...

CVE-2000-0511

CUPS Common Unix Printing System 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request...

CVE-2000-0423

The CVE-2000-0423 entry describes a vulnerability in Netwin DNEWSWEB CGI where a buffer overflow allows remote attackers to execute arbitrary commands by supplying long values for parameters such as group, cmd, and utag. Affected component is the DNEWSWEB CGI program; root cause is a buffer overf...

CVE-2000-0423

Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag...

CVE-2000-0422

CVE-2000-0422 : Buffer overflow in the Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. Affected component: Netwin DMailWeb CGI. Impact: arbitrary command execution; no patch/mitigation details are provided in the supplied documents. E...

CVE-2000-0473

Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory...