There were 176 CVE entries or candidates at cve.mitre.org that matched our search on May 26, 2001. CVE version: 20010507. C9 stands for CVE-1999, C0 for CVE-2000 and C1 for CVE-2001; N9 stands for CAN-1999, N0 for CAN-2000, and N1 for CAN-2001.

| CVE No. | Description |
|---|---|
| C9--0021 | Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. |
| C9--0039 | Arbitrary command execution using webdist CGI program in IRIX. |
| C9--0058 | Buffer overflow in PHP cgi program, php.cgi allows shell access. |
| C9--0066 | AnyForm CGI remote execution |
| C9--0067 | CGI phf program allows remote command execution through shell metacharacters. |
| C9--0068 | CGI PHP mylog script allows an attacker to read any file on the target server. |
| C9--0146 | The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. |
| C9--0147 | The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands |
| C9--0148 | The handler CGI program in IRIX allows arbitrary command execution. |
| C9--0149 | The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. |
| C9--0172 | FormMail CGI program allows remote execution of commands. |
| C9--0173 | FormMail CGI program can be used by web servers other than the host server that the program resides on. |
| C9--0174 | The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| C9--0191 | IIS newdsn.exe CGI script allows remote users to overwrite files. |
| C9--0236 | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. |
| C9--0237 | Remote execution of arbitrary commands through Guestbook CGI program. |
| C9--0260 | The jj CGI program allows command execution via shell metacharacters. |
| C9--0262 | faxsurvey CGI script on Linux allows remote command execution via shell metacharacters. |
| C9--0264 | htmlscript CGI program allows remote read access to files. |
| C9--0266 | The info2www CGI script allows remote file access or remote command execution. |
| C9--0270 | pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files. |
| C9--0346 | CGI PHP mlog script allows an attacker to read any file on the target server. |
| C9--0608 | An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. |
| C9--0710 | cachemgr.cgi installed in a public web directory, allowing remote attackers to use it as an intermediary to connect to other systems. |
| C9--0753 | The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories. |
| C9--0854 | Ultimate Bulletin Board stores data files in the cgi-bin directory |
| C9--0934 | classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. |
| C9--0935 | classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form. |
| C9--0936 | BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. |
| C9--0937 | BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. |
| C9--0947 | test.bat, input.bat, input2.bat, and envout.bat allow remote attackers to execute commands via shell metacharacters. |
| C9--0951 | Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote attackers to execute commands. |
| C0-0010 | WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
| C0-0012 | Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
| C0-0022 | Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
| C0-0023 | Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
| C0-0025 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. |
| C0-0039 | AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
| C0-0056 | IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. |
| C0-0063 | cgiproc allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. |
| C0-0064 | cgiproc allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
| C0-0117 | The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords |
| C0-0149 | Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. |
| C0-0192 | The default installation of rpm_query allows remote attackers to determine what packages are installed on the system. |
| C0-0207 | SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. |
| C0-0208 | The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. |
| C0-0255 | The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program. |
| C0-0282 | TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. |
| C0-0287 | The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter. |
| C0-0322 | The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. |
| C0-0332 | UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allow remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. |
| C0-0381 | The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter. |
| C0-0411 | Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. |
| C0-0421 | The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. |
| C0-0424 | The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. |
| C0-0435 | The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages. |
| C0-0469 | Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| C0-0511 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. |
| C0-0521 | Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. |
| C0-0588 | SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands. |
| C0-0622 | Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. |
| C0-0627 | BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. |
| C0-0639 | The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server. |
| C0-0670 | The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters. |
| C0-0674 | ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack. |
| C0-0677 | Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. |
| C0-0720 | news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program. |
| C0-0726 | CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable. |
| C0-0782 | netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| C0-0868 | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. |
| C0-0878 | The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field. |
| C0-0886 | IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. |
| C0-0900 | Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. |
| C0-0912 | MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. |
| C0-0921 | Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. |
| C0-0922 | Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter. |
| C0-0923 | authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. |
| C0-0924 | Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter. |
| C0-0941 | Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. |
| C0-0944 | CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. |
| C0-0952 | global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters. |
| C0-0977 | mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. |
| C0-1005 | Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. |
| C0-1014 | Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. |
| C0-1058 | Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem." |
| C0-1068 | pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter. |
| C0-1069 | pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters. |
| C0-1070 | pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information. |
| C0-1131 | Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable. |
| C0-1132 | DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable. |
| C1-0099 | bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. |
| C1-0100 | bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. |
| C1-0123 | eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter. |
| N9-0238 | php.cgi allows attackers to read any file on the system. |
| N9-0283 | The Java Web Server would allow remote users to obtain the source code for CGI programs. |
| N9-0287 | Vulnerability in the Wguest CGI program. |
| N9-0467 | wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter. |
| N9-0509 | Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
| N9-0604 | An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. |
| N9-0605 | An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. |
| N9-0606 | An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. |
| N9-0607 | An incorrect configuration of the QuikStore shopping cart CGI program "quikstore.cgi" could disclose private information. |
| N9-0609 | An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. |
| N9-0610 | An incorrect configuration of the Webcart CGI program could disclose private information. |
| N9-0913 | dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. |
| N9-0983 | Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. |
| N9-0984 | Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. |
| N9-0985 | CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. |
| N0-0021 | Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
| N0-0054 | search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. |
| N0-0074 | PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. |
| N0-0122 | Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. |
| N0-0177 | DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters. |
| N0-0187 | EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. |
| N0-0188 | EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. |
| N0-0213 | The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters. |
| N0-0243 | Buffer overflow in AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin. |
| N0-0288 | Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable. |
| N0-0422 | Buffer overflow in DMailWeb CGI program allows attackers to execute arbitrary commands via a long utoken parameter. |
| N0-0423 | Buffer overflow in DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag. |
| N0-0473 | Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory. |
| N0-0526 | mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| N0-0527 | userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| N0-0564 | The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter. |
| N0-0590 | Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. |
| N0-0686 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter. |
| N0-0687 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter. |
| N0-0688 | Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter. |
| N0-0689 | Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter. |
| N0-0690 | Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter. |
| N0-0696 | The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script. |
| N0-0832 | Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter. |
| N0-0835 | search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter. |
| N0-0877 | mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker. |
| N0-0906 | Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. |
| N0-0940 | Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. |
| N0-1023 | The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. |
| N0-1092 | loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter. |
| N0-1110 | document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. |
| N0-1161 | The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases. |
| N0-1176 | Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field. |
| N0-1186 | Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. |
| N1-0022 | simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter. |
| N1-0023 | everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. |
| N1-0024 | simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter. |
| N1-0025 | ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. |
| N1-0074 | Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter. |
| N1-0075 | Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter. |
| N1-0076 | register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed. |
| N1-0086 | CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter. |
| N1-0133 | The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords. |
| N1-0135 | The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs. |
| N1-0173 | Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header. |
| N1-0180 | Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. |
| N1-0200 | HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled. |
| N1-0210 | Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |
| N1-0211 | Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. |
| N1-0214 | Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. |
| N1-0224 | Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. |
| N1-0231 | Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. |
| N1-0232 | newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. |
| N1-0253 | Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter. |
| N1-0271 | mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters. |
| N1-0291 | Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. |
| N1-0305 | Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter. |
| N1-0307 | Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. |
| N1-0329 | Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. |
| N1-0333 | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. |
| N1-0360 | Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter. |
| N1-0400 | nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. |
| N1-0420 | Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter. |
| N1-0432 | Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands. |
| N1-0436 | dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program. |
| N1-0461 | template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi. |
| N1-0463 | Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. |
| N1-0476 | Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter. |

| Path | Description |
|---|---|
| /cgi-bin/handler | Handler remote r00t |
| /cgi-bin/test-cgi | Remote dir browsing |
| /cgi-bin/nph-test-cgi | Remote dir browsing |
| /cgi-bin/phf | Classic remote r00t |
| /cgi-bin/phf.pp | Classic remote r00t |
| /cgi-bin/phf.cgi | Classic remote r00t |
| /cgi-bin/websendmail | 'passwd' retrieve |
| /cgi-bin/php | PHP CGI gate code exec |
| /cgi-bin/perl.exe | if the admin was a lamer |
| /cgi-bin/wwwboard.pl | Matt Wright board w/tags |
| /cgi-bin/www-sql | CC's database gate |
| /cgi-bin/view-source | any file downloading/viewing |
| /cgi-bin/AT-admin.cgi | search engine soupervisor |
| /cgi-bin/wwwadmin.pl | Matt Wright board admin |
| /cgi-bin/formmail.pl | @ny file retrieval |
| /cgi-bin/sendform.cgi | @ny file retrieval |
| /cgi-bin/maillist.pl | @ny file retrieval |
| /iisadmpwd/achg.htr | IIS web password change |
| /iisadmpwd/aexp.htr | IIS web password change |
| /iisadmpwd/aexp2.htr | IIS web password change |
| /iisadmpwd/aexp2b.htr | IIS web password change |
| /iisadmpwd/aexp3.htr | IIS web password change |
| /iisadmpwd/aexp4.htr | IIS web password change |
| /iisadmpwd/aexp4b.htr | IIS web password change |
| /iisadmpwd/anot.htr | IIS web password change |
| /iisadmpwd/anot3.htr | IIS web password change |
| /msadc/Samples/SELECTOR/showcode.asp | IIS file view |
| /_AuthChangeUrl? | IIS acdg.htr mapping |
| /....../autoexec.bat | PWS under Winnows95/98 |
| /scripts/fpcount.exe | IIS counter d.o.s. |
| /scripts/cgimail.exe | NT sam._ retrieval |
| /scripts/tools/newdsn.exe | IIS remote file creation |
| /scripts/tools/getdrvs.exe | IIS remote file creation |
| /cgi-bin/bnbform.cgi | any phile reading |
| /cgi-bin/survey.cgi | code execution on server |
| /domcfg.nsf/?open | Lot0us n0utes config change |
| /cgi-bin/count.cgi | remote execution of code |
| /cgi-bin/guestbook.cgi | SSI code exec |
| /cgi-bin/aglimpse | exec code with http rights |
| /cgi-bin/finger?@localhost | User data retrieval |
| /cgi-bin/jj | escape to shell |
| /cgi-bin/man.sh | remote code exec and data retrieving |
| /cgi-bin/webdist.cgi | IRIX remote exec |
| /cgi-bin/wrap.cgi | IRIX remote exec |
| /cgi-bin/handler.cgi | IRIX remote exec |
| /cgi-bin/day5datacopier.cgi | IRIX remote exec |
| /cgi-bin/day5datanotifier.cgi | IRIX remote exec |
| /cgi-bin/pfdisplay.cgi | IRIX file reading |
| /perl/files.pl | Nowell WS 3,4.x file reading |
| /scripts/convert.bas | Nowell WS remote file reading |
| /cgi-bin/dumpenv.pl | Sambar envo reading |
| /cgi-bin/upload.pl | Sambar server upload explo |
| /session/adminlogin?RCpage=/sysadmin/index.stm | Sambar r00ting |
| /cgi-bin/campas | remote file reading |
| /cgi-bin/textcounter.pl | Command execution as httpd |
| /cgi-bin/view-source | any file reading |
| /cgi-bin/webgais | any command execution |
| /cgi-bin/htmlscript | any file reading |
| /cgi-win/uploader.exe | Website 1.x classic |
| /cgi-dos/args.cmd | Website 1.x CMD exec |
| /cgi-dos/args.bat | Website 1.x CMD exec |
| /cgi-bin/nph-publish | File modification |
| /cgi-bin/faxsurvey | Command execution |
| /~root | If admin is a lamer |
| /_vti_pvt/users.pwd | FrontPage extension |
| /_vti_pvt/administrators.pwd | FrontPage extension |
| /_vti_pvt/shtml.dll | FrontPage extension |
| /_vti_pvt/shtml.exe | FrontPage extension |
| /cfdocs/expelval/openfile.cfm | ColdFusion vulnerability |
| /cfdocs/expelval/exprcalc.cfm | ColdFusion vulnerability |
| /cfdocs/expelval/displayopenedfile.cfm | ColdFusion vulnerability |
| /cfdocs/expelval/sendmail.cfm | Any file retrieving from CF |
| /search97.vts | Any file reading |
| /?PageServices | From Surgeon |