9784 matches found
CVE-2000-0177
DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters...
CVE-2000-0022
Technical details about CVE-2000-0022 are not publicly provided in the supplied documents. Monitor for updates from referenced sources; only the basic description about Lotus Domino CGI-bin anonymous access is available.
CVE-2000-0177
CVE-2000-0177 concerns DNSTools CGI applications where remote attackers can execute arbitrary commands due to shell metacharacters. The issue is described across NVD and CVE records as enabling complete compromise (C, I, A) with network access and no authentication, yielding a very high risk (CVS...
CVE-2000-0149
Zeus web server allows remote attackers to view the source code for CGI programs via a null character %00 at the end of a URL...
CVE-2000-0149
Zeus Web Server (versions 3.1.x–3.3.5) contains an information disclosure flaw where a null byte (%00) at the end of a URL allows remote attackers to view the source code of CGI scripts. Root cause: improper handling of CGI input leading to source disclosure. Impact is information exposure of CGI...
CVE-2000-0039
CVE-2000-0039 affects AltaVista search engine via a directory traversal vulnerability in the query.cgi CGI program, allowing remote attackers to read files above the document root by exploiting a .. (dot dot) parameter. The issue is documented across multiple sources (NVD, CVE List, Nessus listin...
Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access
The 'sojourn.cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10349;...
Mirabilis ICQ 0.9998.0 a2000.0 A99a - Remote Denial of Service
Mirabilis ICQ 0.9998.0 a2000.0 A99a - Remote Denial of Service // source: https://www.securityfocus.com/bid/1463/info The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter. / ICQ...
rpm_query CGI System Information Disclosure
The rpmquery CGI is installed. This CGI allows anyone who can connect to this web server to obtain the list of the installed RPMs. This allows an attacker to determine the version number of your installed services, hence making their attacks more accurate. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2000-0192
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpmquery, which allows remote attackers to determine what packages are installed on the system...
Caldera OpenLinux 2.3 - rpm_query CGI
Caldera OpenLinux 2.3 - rpmquery CGI source: https://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpmquery. Any user can run this CGI and obtain a listing of the packages, and...
Caldera OpenLinux 2.3 - rpm_query CGI
source: https://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpmquery. Any user can run this CGI and obtain a listing of the packages, and versions of packages, installed on this...
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
The remote web server is hosting the 'infosrch.cgi' script. The installed version of this script fails to properly sanitize user- supplied input to the 'fname' variable. An attacker, exploiting this flaw, could execute arbitrary commands on the remote host subject to the privileges of the web...
CVE-2000-0177
DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters...
htdig.txt
software: ht://Dig URL: http://www.htdig.org/ Version: 3.1.4, 3.2.0b1 and previous Platforms: Unix, Win32, MacOS, Mac OS X Server Type: CGI, Input validation problem Vendor status: Notified, patch already available Date: 02/28/2000 Summary: Any remote user can view arbitrary files on your system...
FreeBSD-SA-00:06.htdig
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:06 Security Advisory FreeBSD, Inc. Topic: htdig port allows remote reading of files Category: ports Module: htdig Announced: 2000-03-01 Affects: Ports collection before...
NetWin DNews 5.3 Server - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/1172/info DNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overlylong value for the "group...
CVE-2000-0188
EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...
CVE-2000-0187
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...
sambar.bat.txt
PRODUCT ------- The Sambar Server is a multi-threaded HTTP, FTP and Proxy server for Windows NT and Windows 95. AFFECTED VERSIONS ----------------- All version of Sambar server running under Windows NT 4.0 and Windows 2000. Windows 98 version is vulnerable. VULNERABILITY DESCRIPTION...