9784 matches found

exploitpack
added 2000/04/13 12:0 a.m., 20 views

CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution

source: https://www.securityfocus.com/bid/1104/info BizDB is a web database integration product using Perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefor...

Exploits 0

securityvulns
added 2000/04/13 12:0 a.m., 37 views

Infonautic's getdoc.cgi may allow unauthorized access to documents

Message-ID: [email protected] Date: Tue, 11 Apr 2000 16:23:49 -0700 From: Black Watch Labs [email protected] To: [email protected] Subject: Infonautic's getdoc.cgi may allow unauthorized access to documents Hello Elias, As mentioned in the Friday, April 7 ema...

AI score 7
Exploits 0

NVD
added 2000/04/12 4:0 a.m., 19 views

CVE-2000-0287

The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter...

CVSS 10, AI score 7.6, EPSS 0.10625
Exploits 1, References 2

Tenable Nessus
added 2000/04/12 12:0 a.m., 55 views

Windmail.exe Shell Metacharacter Arbitrary Command Execution

The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote server. ...

CVSS 5, AI score 5.8, EPSS 0.08088
Exploits 1, References 2

Tenable Nessus
added 2000/04/12 12:0 a.m., 49 views

TalentSoft Web+ webplus CGI Traversal Arbitrary File Access

The 'webplus' CGI allows an attacker to view any file on the target computer by requesting: GET /cgi-bin/webplus?script=/../../../../etc/passwd (Nessus script ID 10367, script version 1.33, CVE-2000-0282) ...

CVSS 5, AI score 5.4, EPSS 0.0777
Exploits 1, References 2

Cvelist
added 2000/04/10 4:0 a.m., 30 views

CVE-2000-0208

The htdig ht://Dig CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks in parameters to htsearch...

AI score 6.7, EPSS 0.05836
Exploits 0, References 1

CVE
added 2000/04/10 4:0 a.m., 66 views

CVE-2000-0207

CVE-2000-0207 affects SGI InfoSearch Infosrch.cgi where the fname parameter fails to sanitize input, enabling remote arbitrary command execution via shell metacharacters. This is a remote web-server issue likely yielding command execution under the web server user. Nessus notes describe the flaw ...

CVSS 7.5, AI score 7.3, EPSS 0.07655
Exploits 0, References 2, Affected Software 2

CVE
added 2000/04/10 4:0 a.m., 83 views

CVE-2000-0208

The CVE-2000-0208 issue affects the htsearch CGI in the htdig/ht://Dig package. Affected component is the htsearch CGI; the root cause is that parameters to htsearch can be crafted with backticks to cause remote reading of arbitrary files, enabling information disclosure. Impact per sources is pa...

CVSS 5, AI score 6.7, EPSS 0.05836
Exploits 0, References 1, Affected Software 1

securityvulns
added 2000/04/08 12:0 a.m., 31 views

AnalogX SimpleServer 1.03 Remote Crash

t P G tPG ADVISORY Author: Presto Title: AnalogX SimpleServer 1.03 Remote Crash Date: Mar.23.2k Description This problem is similar to the one USSRback.com reported on in Dec.1999 in reference to version 1.01. In that report, a 'GET' command with 1000 char buffer would cause a buffer overflow...

AI score 0.3
Exploits 0

securityvulns
added 2000/04/07 12:0 a.m., 42 views

WebObjects DoS

Howdy, We've found a DoS in WebObjects apps with a possible remote exploit. So far we've found this problem in WebObjects 4.5 Developer running with the CGI-adapter and IIS 4.0 on NT 4.0 SP5. WO 4.5 Beta on Solaris 2.6 with Netscape Enterprise isn't vulnerable. Overview: If you send a large 4.1K...

AI score 1.4
Exploits 0

NVD
added 2000/04/05 4:0 a.m., 19 views

CVE-2000-0255

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program...

CVSS 5, AI score 6.6, EPSS 0.0133
Exploits 1, References 2

securityvulns
added 2000/04/05 12:0 a.m., 45 views

Re: Denial of Service in Xitami webserver all versions...

Xitami also has an overflow in one of the default example CGI programs that it comes with. http://server.com/cgi-bin/TESTCGI.EXE bla bla bla overflow argv fun. Signed, Marc eEye Digital Security http://www.eEye.com "Its a bullshit, three ring, circus sideshow. The only way to fix it is to flush i...

AI score 0.8
Exploits 0

exploitpack
added 2000/04/04 12:0 a.m., 13 views

Apple WebObjects Developer NT4 IIS4.0 CGI-adapter 4.5 - Developer Remote Overflow

source: https://www.securityfocus.com/bid/1896/info A denial-of-service vulnerability exists in Apple's WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is...

AI score 7.5
Exploits 0

Exploit DB
added 2000/04/04 12:0 a.m., 22 views

Apple WebObjects Developer NT4 IIS4.0 CGI-adapter 4.5 - Developer Remote Overflow

source: https://www.securityfocus.com/bid/1896/info A denial-of-service vulnerability exists in Apple's WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is Windows NT 4.0 SP5, when run in conjunction with the CGI-adapter and IIS 4.0. An HT...

AI score 7.4
Exploits 0

Tenable Nessus
added 2000/04/01 12:0 a.m., 61 views

SalesLogix eViewer slxweb.dll Request Remote DoS

It was possible to crash the remote server by requesting: GET /scripts/slxweb.dll/admin?command=shutdown A remote attacker could use this flaw to crash this host, preventing your network from working properly. ...

CVSS 5, AI score 5.5, EPSS 0.05253
Exploits 1, References 2

Packet Storm
added 2000/03/29 12:0 a.m., 31 views

winmail305.txt

I found some vulnerabilities if WindMail is run as a CGI application. Tested on Windows NT 4.0, WindMail 3.05 successfully. WindMail is a 32-bit Windows console program by geocel that gives you command-line e-mail messaging capability. You can download an evaluation copy of WindMail 3.0 at:...

AI score 7.4
Exploits 0

Cvelist
added 2000/03/22 5:0 a.m., 21 views

CVE-2000-0022

Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory...

AI score 6.6, EPSS 0.01138
Exploits 0, References 1

Cvelist
added 2000/03/22 5:0 a.m., 14 views

CVE-2000-0187

EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...

AI score 7.1, EPSS 0.08532
Exploits 1, References 2

Cvelist
added 2000/03/22 5:0 a.m., 16 views

CVE-2000-0188

EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...

AI score 7.1, EPSS 0.03005
Exploits 1, References 2

Cvelist
added 2000/03/22 5:0 a.m., 23 views

CVE-2000-0213

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters...

AI score 7.2, EPSS 0.09998
Exploits 0, References 3