CVE-2002-0149

CVE-2002-0149 concerns a buffer overflow in the IIS ASP Server-Side Include (SSI) processing when handling long file names. The issue affects Microsoft IIS 4.0, 5.0 and 5.1, and can allow a remote attacker to crash the server or potentially execute arbitrary code via crafted SSI inputs. Multiple ...

Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via malformed server-side include directive

Overview A buffer overflow in the code that processes server-side include files on IIS 4.0 and IIS 5.0 could allow an intruder to execute code with the privileges of the web server. Description A buffer overflow exists in the code that processes server side include directives on IIS versions 4 an...

E-Guest 1.1 - Server Side Include Arbitrary Command Execution

E-Guest 1.1 - Server Side Include Arbitrary Command Execution source: https://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. E-Guest does not adequately sanitize user-supplied input in gues...

MakeBook 2.2 - Form Field Input Validation

MakeBook 2.2 - Form Field Input Validation source: https://www.securityfocus.com/bid/4996/info The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be...

Abe Timmerman - zml.cgi File Disclosure

Abe Timmerman - zml.cgi File Disclosure source: https://www.securityfocus.com/bid/3759/info zml.cgi is a perl script which can be used to support server side include directives under Apache. It recognizes a simple set of commands, and allows access to cgi parameters and environment variables. It...

NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability

NSFOCUS Security AdvisorySA2001-06 Topic: Microsoft IIS ssinc.dll Buffer Overflow Vulnerability Release DateЈє 2001-08-17 CVE CAN ID : CAN-2001-0506 BUGTRAQ ID : 3190 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Impact: ========= NSFOCUS Security Team has found a buff...

ssibug

ssi server sides include is a cgi proggie that comes by default with thttpd web server, I am not sure about others. ssi has a nasty bug with regards to the PATHTRANSLATED env var. As you can see the contents of PATHTRANSLATED get copied into pathtranslated which get's fopen'ed later. It does no...

CVE-1999-0561

CVE-1999-0561 affects IIS where the #exec function is enabled for Server Side Include (SSI) files. The root cause is the SSI #exec handling, enabling potential command execution. Affected product: IIS; vulnerability details and exploitation status are not fully provided in the supplied documents....

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Matt Wright...

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...