CVE-1999-0039

webdist CGI program webdist.cgi in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter...

CVE-1999-0146

The CVE-1999-0146 entry refers to the campas CGI program shipped with some NCSA httpd servers. The root cause is improper sanitization of user input in the campas CGI, enabling an attacker to execute arbitrary commands via encoded carriage return characters in the query string, demonstrated by re...

EUVD-1999-0045

List of arbitrary files on Web host via nph-test-cgi script...

CVE-1999-0070

test-cgi program allows an attacker to list files on the server...

CVE-1999-0264

htmlscript CGI program allows remote read access to files...

CVE-1999-0173

FormMail CGI program can be used by web servers other than the host server that the program resides on...

CVE-1999-0346

The CVE-1999-0346 issue concerns PHP/FI environments with the mylog.html/mlog.html files vulnerable to arbitrary file read. Affected component: PHP/FI prior to 3.0 (mylog.html/mlog.html). Root cause: flaw in the mylog.html/mlog.html handling allows reading arbitrary files on the server. Impact: r...

CVE-1999-0068

The CVE-1999-0068 issue affects PHP/FI’s mylog.html/mlog.html handling, where an arbitrary file read vulnerability allows a remote attacker to read any file on the target server via CGI PHP mylog script. The OpenVAS entries corroborate PHP/FI as affected and suggest remediation by upgrading to ve...

CVE-1999-0174

Consolidated: CVE-1999-0174 is a traversal flaw in the view_source CGI that allows remote attackers to read arbitrary files via a .. sequence. Affected component: the view_source CGI program; root cause: directory traversal; impact: partial confidentiality. No patch/version details are provided i...

CVE-1999-0066

CVE-1999-0066 corresponds to a remote command execution vulnerability in the AnyForm CGI family. The Seebug entry describes AnyForm2 as vulnerable due to input validation flaws that pass unchecked user input to the SYSTEM call, enabling a remote attacker to execute arbitrary commands with the web...

CVE-1999-0021

CVE-1999-0021 affects Count.cgi (wwwcount) CGI-bin; remote buffer overflow in handling QUERY_STRING enables arbitrary command execution. Impact is Web server context with the program’s privileges. Affected version(s) include Count.cgi 2.3; remediation per sources is to upgrade to version 2.4 or l...

CVE-1999-0266

The CVE-1999-0266 issue affects the info2www CGI script, which can allow remote file access or remote command execution. The vulnerability arises from insufficient input filtering of shell meta-characters in early info2www versions, enabling an attacker to run arbitrary commands with the web serv...

CVE-1999-0266

The info2www CGI script allows remote file access or remote command execution...

CVE-1999-0068

CGI PHP mylog script allows an attacker to read any file on the target server...

CVE-1999-0346

CGI PHP mlog script allows an attacker to read any file on the target server...

NCSA 1.31.4.x1.5 Apache HTTPd 0.8.110.8.14 - ScriptAlias Source Retrieval

NCSA 1.31.4.x1.5 Apache HTTPd 0.8.110.8.14 - ScriptAlias Source Retrieval source: https://www.securityfocus.com/bid/2300/info NSCA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI...

NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval

source: https://www.securityfocus.com/bid/2300/info NSCA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias directory is defined under...

Test-Cgi Remote Command Execution (CVE-1999-0070)

The CGI program might be saved as the file "test.cgi" in the appropriate directory on a web server. Test-cgi program allows remote command execution. Remote attackers can exploit this vulnerability by passing a command as a parameter to the script which lists files on the server...

Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution

Excite for Webservers is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server. Versions newer than 1.1. are patched. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Glimpse HTTP aglimpse Arbitrary Command Execution

The remote web server is running GlipmseHTTP. The installed version suffers from a remote command execution vulnerability in the 'aglimpse' component. Note that we could not actually check for the presence of this vulnerability, and only checked for the existence of the 'aglimpse' CGI...