SysInfo 1.21 (sysinfo.cgi) Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "sysinfo.cgi 1.21 remote cmmnds xctn \r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: inurl:sysinfo.cgi ext:cgi\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0...

CVE-2004-2101

The CVE-2004-2101 issue affects the GeoHttpServer’s sysinfo script. An attacker can remotely trigger a denial of service (crash) by sending an excessively long pwd parameter, which may lead to a buffer overflow. This is documented across multiple sources (NVD/CVE records). No explicit remediation...

CVE-2003-1062

CVE-2003-1062 affects Solaris SYSINFO(2) on SPARC 2.6–9 and x86 2.6,7,8. A local attacker can read kernel memory by exploiting a 0 variable count argument in sysinfo(2), where copyout uses a -1 argument (described as an integer underflow/overflow). The provided sources do not specify a patch vers...

CVE-2004-2101

The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service crash via a long pwd parameter, possibly triggering a buffer overflow...