13 matches found
Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2102/info A vulnerabiliy exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads to a failure to properly filte...
Leif M. Wright everythingform.cgi 2.0 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied input to the 'config' field. As a...
Leif M. Wright simplestguest.cgi 2.0 - Remote Command Execution Vulnerability
No description provided by source...
CVE-2006-0844
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie...
CVE-2006-0843
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...
CVE-2006-0844
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie...
CVE-2006-0843
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...
CVE-2006-0845
Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname...
[SA18923] Leif M. Wright's Blog Multiple Vulnerabilities
TITLE: Leif M. Wright's Blog Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18923 VERIFY ADVISORY: http://secunia.com/advisories/18923/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Leif M...
CVE-2004-2347
The CVE-2004-2347 entry applies to Leif M. Wright Web Blog (blog.cgi) versions 1.1 and 1.1.5. The vulnerability arises in the ViewFile request’s file parameter, where shell metacharacters (e.g., |) enable remote command execution. Impact is remote arbitrary commands executed with the web server u...
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests...
Leif M. Wright simplestguest.cgi 2.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/2106/info A vulnerabiliy exists in Leif M. Wright's simplestguest.cgi, a script designed to coordinate guestbook submissions from website visitors. An insecure call to the open function leads to a failure to properly filter shell metacharacters from user...
Leif M. Wright - 'ad.cgi' 1.0 Unchecked Input
source: https://www.securityfocus.com/bid/2103/info ad.cgi is an ad rotation script freely available, and written by Leif Wright. A problem exists in the script which may allow access to restricted resources. The problem occurs in the method in which the script checks input. Due to insufficent...