669 matches found
phf CGI Script fails to guard against newline characters
Overview This document describes a vulnerability in a CGI script known as phf which was widely exploited in 1996 and 1997. Description The phf CGI script constructs a partial command line consisting of the ph command and appropriate arguments, and completes the command line based on the input fro...
CVE-2000-0868
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/...
CVE-2000-0878
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field...
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable...
Informix webdriver CGI Unauthenticated Database Access
The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...
YaBB 9.11.2000 - search.pl Arbitrary Command Execution
YaBB 9.11.2000 - search.pl Arbitrary Command Execution source: https://www.securityfocus.com/bid/1921/info YaBB Yet Another Bulletin Board is a popular perl-based bulletin board scripting package. search. pl, one of several perl scripts which comprise YaBB, fails to properly validate user input...
CVE-2000-0063
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script...
Дырка в thttpd (ssi CGI file retrieval)
Исполользуя абсолютный путь в Cgi-скрипте ssi можно получить доступ к любому открытому файлу в системе...
Moreover CGI script - File Disclosure
Moreover CGI script - File Disclosure source: https://www.securityfocus.com/bid/1762/info The 'cachedfeed' CGI script supplied by newsfeed vendor Moreover.com contains a file-disclosure vulnerability. The script's 'obtainfile' function, designed to return the contents of a specified file for...
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution
source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable...
Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution
Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on the...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and Setup Variables Can Be Viewed Through DBMan db.cgi Script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch...
CVE-2000-0187
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. dot dot attack or execute commands via shell metacharacters...
CVE-2000-0187
EZShopper 3.0 contains directory traversal in loadpage.cgi (and related scripts per Nessus data) that allows remote attackers to read arbitrary files via .. traversal and may permit command execution via shell metacharacters. Affected component is EZShopper’s web CGI handling; root cause is impro...
CVE-2000-0105
The CVE concerns Outlook Express 5.01 and Internet Explorer 5.01. A remote attacker can view a user’s email messages through a script that accesses a variable referencing subsequent messages read by the client. The explicit root cause is a scripting reference that exposes subsequent messages to a...
Zeus Web Server 3.x - Null Terminated Strings
Zeus Web Server 3.x - Null Terminated Strings source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...
AltaVista Intranet Search CGI query Traversal Arbitrary File Access
It is possible to read the content of any files on the remote host such as your configuration files or other sensitive data by using the Altavista Intranet Search service, and performing the request: %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Home Free search.cgi Traversal Arbitrary File Access
The remote web server contains a CGI script that fails to sanitize user input to the 'letter' parameter of the 'search.cgi' script of directory traversal sequences. An unauthenticated attacker can exploit this issue to read arbitrary files from the affected host, subject to the privileges under...