Lucene search
K

108 matches found

Packet Storm
Packet Storm
added 2003/11/25 12:0 a.m.22 views

commerceSQL.txt

CommerceSQL shopping cart http://commercesql.com allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd By using prepared GET page variable it allows user to read remote files Example: With...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/11/25 12:0 a.m.32 views

[CommerceSQL] Remote File Read Vulnerability

CommerceSQL shopping cart http://commercesql.com allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd By using prepared GET page variable it allows user to read remote files Example: With...

1.4AI score
Exploits0
CVE
CVE
added 2003/06/11 4:0 a.m.100 views

CVE-2003-0416

CVE-2003-0416 affects Bandmin 1.4: the index.cgi component is vulnerable to cross-site scripting via (1) year or (2) month in showmonth, or (3) host in showhost. Root cause is improper handling of user-supplied input leading to arbitrary HTML/script insertion. Impact: potential theft of cookies o...

6.8CVSS5.9AI score0.04265EPSS
Exploits1References3Affected Software1
exploitpack
exploitpack
added 2002/11/29 12:0 a.m.19 views

Boozt Standard 0.9.8 - index.cgi Buffer Overrun

Boozt Standard 0.9.8 - index.cgi Buffer Overrun // source: https://www.securityfocus.com/bid/6281/info A vulnerability has been discovered in Boozt. By passing a malicious parameter of excessive length to the index.cgi script, it is possible to overrun a buffer. This could be exploited by a remot...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/11/29 12:0 a.m.28 views

Boozt Standard 0.9.8 - 'index.cgi' Buffer Overrun

// source: https://www.securityfocus.com/bid/6281/info A vulnerability has been discovered in Boozt. By passing a malicious parameter of excessive length to the index.cgi script, it is possible to overrun a buffer. This could be exploited by a remote attacker to corrupt sensitive memory, which ma...

7.4AI score
Exploits0
NVD
NVD
added 2002/10/04 4:0 a.m.12 views

CVE-2002-1007

Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via 1 the courseid parameter in a link to login.pl, 2 the CTID parameter in ProcessInfo.cgi, or 3 the Message parameter in index.cgi...

7.5CVSS7AI score0.0279EPSS
Exploits1References3
CVE
CVE
added 2002/06/25 4:0 a.m.39 views

CVE-2002-0098

CVE-2002-0098 describes a buffer overflow in Boozt AdBanner’s index.cgi admin interface of Boozt! Standard 0.9.8. The vulnerability occurs when a long banner creation name is copied into internal arrays, allowing local arbitrary code execution or a crash. Connected sources cite a CVSS v2 base sco...

7.5CVSS7.5AI score0.06881EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2002/03/25 5:0 a.m.10 views

CVE-2002-0098

Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner...

7.5CVSS7.4AI score0.06881EPSS
Exploits1References5
Rows per page
Query Builder