15 matches found
EUVD-2002-1881
Malware in sbrugna...
EUVD-2000-1156
Malware in sbrugna...
Markus Triska CGIForum 1.0 "thesection" Directory Traversal Vulnerability
No description provided by source. source : http://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input to the thesection parameter. If a...
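CGIForum Remote Directory Traversal Vulnerability
BugCVE: CVE-2000-1171 BUGTRAQ: 1963 DC Scripts DCForum is a commercial CGI script used for online web-based discussion. The DCForum implementation has an input validation vulnerability that remote attackers can exploit to traverse server directories. DC Scripts DCForum fails to properly check the value of the thesection variable supplied by user input; using a ../ attack, a remote attacker can use a carefully crafted URL request to make the script traverse to the server root directory and thereby obtain sensitive information. The files that can be accessed depend on the user identity the web server is currently running as, usually nobody. 1.0 Temporary workaround:...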
CVE-2002-1902
CVE-2002-1902 affects CGIForum 1.0–1.05. The vulnerability allows remote attackers to cause a denial of service via infinite recursion by creating a forum post that is a child of an outdated parent. Affected software is CGIForum’s web-based message board component; root cause appears to be unboun...
CVE-2002-1902
CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent...
Issues In CGINews and CGIForum
Vendor : Markus Triska URL : http://triskam.virtualave.net/cginews.html Version : 1.07 And Possible Earlier & CGIForum 1.09 Risk : Weak Encryption & Info Disclosure Description: CGINews is a multi-user Web site news posting system written in Perl. Main features include: adding, updating, and...
CVE-2002-1902
CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent...
CVE-2000-1171
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter...
CVE-2000-1171
The CVE-2000-1171 issue affects CGIForum 1.0’s cgiforum.pl (thesection parameter) where insufficient input validation allows directory traversal. An attacker can craft a URL (e.g., ?thesection=../../../../etc/passwd) to access files on the web server, with the accessible scope limited by the web ...
cgiforum-1.0.txt
Hi, Date: 2000/11/20 Affected Application: CGIForum 1.0 http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz Markus Triska CGIForum is a free forum. We can set 'thesection' parameter to view files on the vulnerable system with privileges of the user "nobody". This is caused from...
CGIForum 1.0 Vulnerability
Hi, Date: 2000/11/20 Affected Application: CGIForum 1.0 http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz Markus Triska CGIForum is a free forum. We can set 'thesection' parameter to view files on the vulnerable system with privileges of the user "nobody". This is...
Hole in CGIForum
Directory traversal allows access to any files...
CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access
The 'cgiforum.pl' CGI is installed. This CGI has a well known security flaw that could let a remote attacker read arbitrary files on the remote host. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(10552);...
Markus Triska CGIForum 1.0 - 'thesection' Directory Traversal
source : https://www.securityfocus.com/bid/1963/info CGIForum is a commercial cgi script from Markus Triska which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input to the "thesection" parameter. If an attacker supplies a...