9783 matches found
F5 BIG/ip bigconf.cgi file Parameter Arbitrary File Access
The 'bigconf' CGI is installed. This CGI has a well-known security flaw that allows an attacker to execute arbitrary commands with the privileges of the web server...
cobalt.cgiwrap.txt
There is a problem (actually several) with the "cgiwrap" program on Cobalt RaQ2 servers. It is supposed to run CGI programs as the proper user instead of "nobody" to make CGIs a little more secure. The Cobalt directory structure is as follows: /home/sites/site1/ - top level directory of the site...
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Matt Wright...
Alibaba tst.bat Arbitrary Command Execution
The 'tst.bat' CGI script is installed on this machine. This CGI has a well known security flaw that would allow an attacker to read arbitrary files on the remote system...
Alibaba get32.exe Arbitrary Command Execution
The 'get32.exe' CGI script is installed on this machine. This CGI has a well known security flaw that allows an attacker to execute arbitrary commands on the remote system with the privileges of the HTTP daemon (typically root or nobody)...
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities // source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files...
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities
// source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files outside of normal or safe webserver practice. This results in various...
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...
AN-HTTPd 1.2b - CGI s
AN-HTTPd 1.2b - CGI s source: https://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. http://www.xxx.yy/cgi-bin/input.bat?|dir....\windows...
AN-HTTPd 1.2b - CGI s
source: https://www.securityfocus.com/bid/762/info Certain versions of the AN-HTTPd server contain default CGI scripts that allow code to be executed remotely. This is due to poor sanity checking on user supplied data. http://www.xxx.yy/cgi-bin/input.bat?|dir....\windows...
AN-HTTPd Multiple Test CGIs Arbitrary Command Execution
The remote web server is an AN-HTTPD server which contains default CGI scripts. At least one of these CGIs is installed on the remote server : cgi-bin/test.bat cgi-bin/input.bat cgi-bin/input2.bat ssi/envout.bat It is possible to misuse them to make the remote server execute arbitrary commands...
CVE-1999-0854
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file...
CVE-1999-0951
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands...
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program "imagemap", which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to t...
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program "imagemap", which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to the program, a lack of bounds checking on a strcpy call...
OmniHTTPd imagemap.exe CGI Remote Overflow
The 'imagemap.exe' CGI is installed. This CGI is vulnerable to a buffer overflow that will allow a remote user to execute arbitrary commands with the privileges of your httpd server (either nobody or root)...
CVE-1999-0058
Buffer overflow in PHP cgi program, php.cgi allows shell access...
CVE-1999-0147
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands...
CVE-1999-0237
Remote execution of arbitrary commands through Guestbook CGI program...