CSNews csNews.cgi setup Parameter Code Execution - Ver2 (CVE-2002-1751)

A code execution vulnerability has been reported in Cgiscript.net Cslivesupport. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CSNews.cgi vulnerability

The CSNews.cgi exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker may make use of this file to gain access to confidential data or escalate their privileges on the Web server. OpenVAS Vulnerability Test $Id: csnews.nasl 7175 2017-09-18 11:55:15Z...

CSNews.cgi Information Disclosure / Privilege Escalation Vulnerability - Active Check

The CSNews.cgi exists on this webserver. Some versions of this file are vulnerable to remote exploit. SPDX-FileCopyrightText: 2005 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CSNews.cgi Arbitrary File Access

Binary data 1632.prm...

CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval

The CSNews.cgi exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker can submit a specially crafted web form, which can display the 'setup.cgi' file that contains the superuser name and password. %NASLMINLEVEL 70300 This script was written by John...

CVE-2002-0924

CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability...

CVE-2002-0924

CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability...

CVE-2002-0923

CVE-2002-0923 affects CGIScript.net csNews.cgi. Multiple OpenVAS/Nessus/NVD records indicate that some csNews.cgi deployments are vulnerable to remote access via the Advanced Settings parameters (pheader, pfooter), enabling reading of arbitrary files and potentially elevating privileges. The vuln...

CVE-2002-0922

The CVE-2002-0922 issue affects the CGIScript.net csNews.cgi CGI script. It allows remote attackers to obtain database files (default.db and default.db.style) via direct URL-encoded requests, and also permits remote authenticated users to perform administrative actions when a database parameter i...

CVE-2002-0923

CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the 1 pheader or 2 pfooter parameters in the "Advanced Settings" capability...

CVE-2002-0921

The CVE-2002-0921 vulnerability affects CGIScript.net csNews.cgi, where the viewnews command against an invalid database may cause error messages to reveal sensitive information such as the full server pathname and configuration settings. The available sources (NVD/CVE entries) describe the infor...

CVE-2002-0924

CVE-2002-0924 affects CGIScript.net’s csNews.cgi. The vulnerability allows remote authenticated users to execute arbitrary Perl code by injecting terminating quotes and metacharacters into text fields under the “Advanced Settings” capability. The CVSS metrics in the provided document indicate net...