www-cgi-vulner.txt

Date: Mon, 9 Nov 1998 18:26:05 -0600 From: xnec To: [email protected] Subject: Several new CGI vulnerabilities INFO: After looking over the perl-CGI scripts on www.cgi-resources.com, I've discovered vulnerabilities in the following: 1. HAMcards Postcard script v1.0 Beta 2 www.hamnetcenter.com ...

Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution

source: https://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire. Via the web...

Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution

Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution source: https://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a...

Oracle Webserver PL/SQL Stored Procedure GET Request DoS

It was possible to make the remote web server crash by supplying a too long argument to the cgi /ews-bin/fnord. An attacker may use this flaw to prevent your customers to access your website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...

CVE-1999-1378

dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files...

Web Server /cgi-bin Shell Access

The remote web server has one of these shells installed in /cgi-bin : ash, bash, csh, ksh, sh, tcsh, zsh Leaving executable shells in the cgi-bin directory of a web server may allow an attacker to execute arbitrary commands on the target machine with the privileges of the HTTP daemon. %NASLMINLEV...

Cognos Powerplay WE Multiple Information Disclosure Vulnerabilities

The CGI script ppdscgi.exe, part of the PowerPlay Web Edition package, is installed. Due to design problems as well as some potential web server misconfiguration PowerPlay Web Edition may serve up data cubes in a non-secure manner. Execution of the PowerPlay CGI pulls cube data into files in an...

IRIX wrap CGI Traversal Arbitrary Directory Listing

The 'wrap' CGI is installed. This CGI allows anyone to get a listing for any directory with mode +755. Note that not all implementations of 'wrap' are vulnerable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Multiple Vendor info2www CGI Arbitrary Command Execution

The 'info2www' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

IRIX handler CGI Arbitrary Command Execution

The 'handler' cgi is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Multiple Vendor view_source CGI Traversal Arbitrary File Access

The 'viewsource' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik...

Sambar Server dumpenv.pl Information Disclosure

CGI script 'dumpenv.pl' is installed on the remote host. This CGI gives away too much information about the web server configuration, which will help an attacker. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

IRIX pfdispaly Arbitrary File Access

The 'pfdispaly' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

Multiple Vendor test-cgi Arbitrary File Access

The remote web server contains the 'test-cgi' test script, which is included by default with some web servers. The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERYSTRING', before echoing it back as part of a shell script. An...

Multiple Vendor jj CGI Arbitrary Command Execution

The 'jj' CGI is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server. Please note that Nessus only checked for the existence of this CGI, and did not attempt to exploit it. %NASLMINLEVEL 70300 C Tenable...

Web Server /cgi-bin Perl Interpreter Access

The 'Perl' CGI is installed and can be launched as a CGI. This is equivalent to giving a free shell to an attacker, with the http server privileges usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

WebGais websendmail CGI Arbitrary Command Execution

The 'websendmail' program, part of Webgais, appears to be installed on the remote host. This CGI script has a well-known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, In...

Multiple Web Server finger CGI Information Disclosure

The 'finger' CGI is installed. This can be used by a remote attacker to enumerate accounts on the system. Such information is typically valuable in conducting additional, more focused attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

IRIX webdist.cgi Arbitrary Command Execution

The 'webdist.cgi' CGI is installed. This script has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

O'Reilly WebSite uploader.exe Arbitrary File Upload

The remote web server contains a CGI script named 'uploader.exe' in '/cgi-win'. Versions of O'Reilly's Website product before 1.1g included a script with this name that allows an attacker to upload arbitrary CGI and then execute them. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...