Lucene search

9784 matches found

exploitpack
added 2000/02/24 12:0 a.m. | 12 views

Sambar Server 4.2 Beta 7 - Batch CGI

source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any vali...

AI score: 7.4
Exploits: 0

Exploit DB
added 2000/02/24 12:0 a.m. | 28 views

Sambar Server 4.2 Beta 7 - Batch CGI

source: https://www.securityfocus.com/bid/1002/info The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with...

AI score: 7
Exploits: 0

NVD
added 2000/02/23 5:0 a.m. | 22 views

CVE-2000-0213

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters...

CVSS: 5 | AI score: 7.2 | EPSS: 0.09998
Exploits: 0 | References: 3

Tenable Nessus
added 2000/02/23 12:0 a.m. | 33 views

Sambar Server Multiple Script Arbitrary Code Execution

At least one of these CGI scripts is installed : hello.bat echo.bat They allow any attacker to execute commands with the privileges of the web server process. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10246;...

CVSS: 5 | AI score: 5.7 | EPSS: 0.09998
Exploits: 0 | References: 1

Packet Storm
added 2000/02/16 12:0 a.m. | 42 views

rcgixploit.c.txt

/ DESIGNER: ZinCShC E-Mail: [email protected] DATE: Mon Feb 14 15:28:19 GMT+2 2000 @601 MADE ON: linux SLackWarE.- GREETINGS: Packo, BlackSouL.- COMPILE: gcc -o rcgix rcgixploit.c DESCRIPTION: Remote Cgi Exploit, looking For PHF ,PHP ,HANDLER ,UPTIME, FINGER and try to Collect Useful FILES such ...

AI score: 7.4
Exploits: 0

Packet Storm
added 2000/02/16 12:0 a.m. | 61 views

ultimatebb.txt

Hello. Writing cgi scripts in perl is simple. It's also rather safe, providing authors follow very simple instructions. But they don't. Browsing some site, I found that their forums were based not on home- made scripts, but rather commercial software product. Hey, said I to myself, remember those...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2000/02/11 12:0 a.m. | 49 views

Zeus Web Server Null Byte Request CGI Source Disclosure

The remote host is running the Zeus Web Server. Versions 3.1.x to 3.3.5 of this web server are vulnerable to a bug that allows an attacker to view the source code of CGI scripts. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVSS: 5 | AI score: 5.7 | EPSS: 0.07379
Exploits: 0 | References: 2

Packet Storm
added 2000/02/09 12:0 a.m. | 49 views

zeus.null.txt

This morning Zeus Technology Limited was informed of a serious security bug in the Zeus Webserver by 'The Relay Group' http://relaygroup.com. This document describes the scope of the problem and its solution. Versions affected ----------------- Zeus 3.1.x / 3.3.x Severity -------- High- this bug...

AI score: 7.4
Exploits: 0

NVD
added 2000/02/08 5:0 a.m. | 14 views

CVE-2000-0149

Zeus web server allows remote attackers to view the source code for CGI programs via a null character %00 at the end of a URL...

CVSS: 5 | AI score: 6.8 | EPSS: 0.07379
Exploits: 0 | References: 4

CVE
added 2000/02/08 5:0 a.m. | 56 views

CVE-2000-0122

CVE-2000-0122 affects FrontPage Server Extensions. A remote attacker can determine the physical path of a virtual directory by issuing a GET to htimage.exe, leading to information disclosure about server layout. The provided records do not specify affected versions, exact vulnerable component det...

CVSS: 5 | AI score: 6.8 | EPSS: 0.21474
Exploits: 0 | References: 3 | Affected Software: 1

exploitpack
added 2000/02/08 12:0 a.m. | 22 views

Zeus Web Server 3.x - Null Terminated Strings

source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...

AI score: 7.4
Exploits: 0

Exploit DB
added 2000/02/08 12:0 a.m. | 42 views

Zeus Web Server 3.x - Null Terminated Strings

source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in directories which are designated as executable eg...

AI score: 7
Exploits: 0

Cvelist
added 2000/02/04 5:0 a.m. | 19 views

CVE-2000-0074

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions...

AI score: 7.3 | EPSS: 0.0978
Exploits: 0 | References: 1

Cvelist
added 2000/02/04 5:0 a.m. | 16 views

CVE-1999-0983

Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry...

AI score: 7.2 | EPSS: 0.02744
Exploits: 0 | References: 1

Cvelist
added 2000/02/04 5:0 a.m. | 25 views

CVE-1999-0610

An incorrect configuration of the Webcart CGI program could disclose private information...

AI score: 6.5 | EPSS: 0.01109
Exploits: 0 | References: 1

CVE
added 2000/02/04 5:0 a.m. | 64 views

CVE-1999-0283

The CVE-1999-0283 issue is described across connected records as a vulnerability in the Java Web Server where remote users could obtain the source code of CGI programs. The materials confirm the affected system (Java Web Server) and the exposure (source disclosure via remote access). No specific ...

CVSS: 10 | AI score: 7.2 | EPSS: 0.08852
Exploits: 0 | References: 1

Cvelist
added 2000/02/04 5:0 a.m. | 24 views

CVE-1999-0606

An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information...

AI score: 6.6 | EPSS: 0.01118
Exploits: 0 | References: 1

CVE
added 2000/02/04 5:0 a.m. | 106 views

CVE-1999-0509

CVE-1999-0509 describes remote arbitrary-command execution when shell interpreters (Perl, sh, csh, etc.) are installed in the web server’s /cgi-bin directory. The underlying issue is CGI scripts running with the server’s privileges, enabling attackers to execute commands. Affected scenario: a WWW...

CVSS: 10 | AI score: 7.5 | EPSS: 0.33392
Exploits: 0 | References: 1

CVE
added 2000/02/04 5:0 a.m. | 46 views

CVE-1999-0605

Technical details for CVE-1999-0605 are not publicly available in the provided documents. Monitor for updates.

CVSS: 5 | AI score: 7 | EPSS: 0.01118
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2000/02/04 5:0 a.m. | 48 views

CVE-1999-0604

The CVE-1999-0604 entry refers to an incorrect configuration in the WebStore 1.0 shopping cart CGI program (web_store.cgi) that could disclose private information. Connected sources (Red Hat CVE page, CVE lists, EUVD entry) corroborate the same description. No patches or remediation details are p...

CVSS: 5 | AI score: 7 | EPSS: 0.01118
Exploits: 0 | References: 1 | Affected Software: 1