CVE-1999-0606

The CVE-1999-0606 entry concerns the EZMall 2000 shopping cart CGI program mall2000.cgi. The issue is described as an incorrect configuration that could disclose private information, affecting confidentiality (PARTIAL) with a CVSS v2 base score of 5.0 (Network, low attack complexity, no authentic...

CVE-1999-0609

CVE-1999-0609 concerns the SoftCart CGI program (SoftCart.exe). The connected records indicate an incorrect configuration that could disclose private information. There are multiple entries (NVD, Red Hat, CVE List) with identical descriptions, but no public details on affected versions, specific ...

CVE-1999-0610

CVE-1999-0610 concerns a misconfiguration in the Webcart CGI program that can disclose private information. Affected component: Webcart CGI; root cause: incorrect configuration. Exposed locations include world-readable files/directories under /webcart and /webcart-lite (e.g., orders/, carts/, con...

CVE-1999-0467

The CVE-1999-0467 issue affects the Webcom CGI Guestbook programs wguest.exe and rguest.exe, where the template parameter can be used by a remote attacker to read arbitrary files. Public sources (NVD, Red Hat, CVE List) consistently describe an unauthenticated, remote file-read vulnerability affe...

CVE-1999-0467

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter...

CVE-1999-0604

An incorrect configuration of the WebStore 1.0 shopping cart CGI program "webstore.cgi" could disclose private information...

CVE-1999-0287

Technical details for CVE-1999-0287 are not publicly provided in the connected documents. No confirmed affected versions, root cause, or fixes are disclosed here. Monitor for updates from vendors and security advisories.

CVE-1999-0509

Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands...

CVE-1999-0287

Vulnerability in the Wguest CGI program...

CVE-1999-0283

The Java Web Server would allow remote users to obtain the source code for CGI programs...

CVE-2000-0074

The vulnerability CVE-2000-0074 affects PowerScripts PlusMail CGI. The PlusMail CGI allows remote command execution via a password file with improper permissions on the server side. Affected component: PlusMail CGI in PowerScripts. Impact per sources: potential remote command execution with netwo...

CVE-2000-0122

Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program...

CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via 1 the printenv CGI printenv.pl, which does not encode its output, 2 pages generated by the apsenderrorresponse function such as a default 404, which does not...

CVE-1999-0753

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories...

CVE-1999-0753

CVE-1999-0753 affects the Mini SQL package via the w3-msql CGI script. The issue allows remote attackers to view restricted directories through the CGI, exposing partial confidentiality (per CVSS: Network, Low attack complexity, No authentication, Partial confidentiality/Integrity/Availability). ...

CVE-2000-0063

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...

PlusMail plusmail CGI Arbitrary Command Execution

The 'plusmail' CGI is installed. Some versions of this CGI have a well known security flaw that lets an attacker read arbitrary file with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-2000-0074

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions...

Home Free search.cgi Traversal Arbitrary File Access

The remote web server contains a CGI script that fails to sanitize user input to the 'letter' parameter of the 'search.cgi' script of directory traversal sequences. An unauthenticated attacker can exploit this issue to read arbitrary files from the affected host, subject to the privileges under...

AltaVista Intranet Search CGI query Traversal Arbitrary File Access

It is possible to read the content of any files on the remote host such as your configuration files or other sensitive data by using the Altavista Intranet Search service, and performing the request: %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...