| | Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template. |
| | CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter. |
| | Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attacker to read portions of arbitrary files. |
| | search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. |
| | The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters. |
| | Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. |
| | ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. |
| | Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter. |
| | Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. |
| | Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters. |
| | Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. |
| | Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter. |
| | Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter. |
| | dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program. |
| | Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| | Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl paramater. |
| | Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi. |
| | Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attacker to gain sensitive information via a .. (dot dot) in the SHOW parameter. |
| | eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. |
| | generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. |
| | Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote attackers to execute commands. |
| | Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file. |
| | Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter. |
| | AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. |
| | SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. |
| | The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. |
| | faxsurvey CGI script on Linux allows remote command execution via shell metacharacters. |
| | htmlscript CGI program allows remote read access to files. |
| | FormMail CGI program allows remote execution of commands. |
| | The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| | CGI phf program allows remote command execution through shell metacharacters. |
| | test-cgi program allows an attacker to list files on the server |
| | AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
| | cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. |
| | Arbitrary command execution using webdist CGI program in IRIX. |
| | The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. |
| | Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| | Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. |
| | Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter. |
| | Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| | Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter. |
| | Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter. |
| | book.cgi arbitrary command execution attempt |
| | Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. |
| | agora.cgi attempt |
| | csSearch.cgi arbitrary command execution attempt |
| | loadpage.cgi directory traversal attempt |
| | pfdispaly.cgi arbitrary command execution attempt |
| | faqmanager.cgi arbitrary file access attempt |
| | talkback.cgi directory traversal attempt |
| | /cgi-bin/ access |
| | /cgi-dos/ access |
| | technote main.cgi file directory traversal attempt |
| | Allaire Pro Web Shell attempt |
| | Armada Style Master Index directory traversal |
| | Talentsoft Web+ exploit attempt |
| | campus attempt |
| | bizdbsearch attempt |
| | txt2html.cgi directory traversal attempt |
| | sojourn.cgi File attempt |
| | mrtg.cgi directory traversal attempt |
| | overflow.cgi access |
| | way-board.cgi access |
| | album.pl access |
| | ikonboard.cgi access |
| | sojourn.cgi access |
| | ax-admin.cgi access |
| | axs.cgi access |
| | responder.cgi access |
| | web-map.cgi access |
| | ministats admin access |
| | txt2html.cgi access |
| | spin_client.cgi access |
| | cgicso access |
| | cart.cgi access |
| | vpasswd.cgi access |
| | alya.cgi access |
| | smartsearch.cgi access |
| | bizdbsearch access |
| | campus access |
| | cart32.exe access |
| | Poll-it access |
| | talkback.cgi access |
| | adcycle access |
| | MachineInfo access |
| | emumail.cgi NULL attempt |
| | emumail.cgi access |
| | faqmanager.cgi access |
| | /fcgi-bin/echo.exe access |
| | enivorn.pl access |
| | pfdispaly.cgi access |
| | ad.cgi access |
| | bbs_forum.cgi access |
| | bsguest.cgi access |
| | bslist.cgi access |
| | cgforum.cgi access |
| | newdesk access |
| | register.cgi access |
| | gbook.cgi access |
| | simplestguest.cgi access |
| | statusconfig.pl access |
| | loadpage.cgi access |
| | csSearch.cgi access |
| | agora.cgi access |
| | DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database. |
| | Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter. |
| | book.cgi access |
| | mailit.pl access |
| | sdbsearch.cgi access |
| | swc access |
| | upload.cgi access |
| | view_source access |
| | Bugzilla doeditvotes.cgi access |
| | Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. |
| | Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. |
| | webdriver access |
| | maillist.pl access |
| | NPH-publish access |
| | rwwwshell.pl access |
| | testcgi access |
| | test.cgi access |
| | wais.pl access |
| | environ.cgi access |
| | visadmin.exe access |
| | calendar access |
| | snorkerz.cmd access |
| | w3tvars.pm access |
| | admin.pl access |
| | LWGate access |
| | archie access |
| | flexform access |
| | www-sql access |
| | wwwadmin.pl access |
| | ppdscgi.exe access |
| | sendform.cgi access |
| | upload.pl access |
| | sendmessage.cgi access |
| | AHG search.cgi access |
| | MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template paramater. |
| | The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters. |
| | Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. |
| | CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable. |
| | YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. |
| | BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. |
| | The websendmail program in the Webgais program allows a remote user to access arbitrary files. |
| | AnyForm CGI remote execution |
| | cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
| | The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root). |
| | The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges. |
| | Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. |
| | Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. |
| | Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. |
| | The RedHat squid program installs cachemgr.cgi in a public web directory, allowing remote attackers to use it as an intermediary to connect to other systems. |
| | Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. |
| | cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. |
| | bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. |
| | Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
| | The Webgais program allows a remote user to execute arbitrary commands. |
| | The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
| | The win-c-sample program in the WebSite web server has a buffer overflow that allows remote execution of commands. |
| | The info2www CGI script allows remote file access or remote command execution. |
| | pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files. |
| | mSQL v2.0.1 and below allows remote execution through a buffer overflow. |
| | The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. |
| | The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. |
| | Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser. |
| | Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script. |
| | ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. |
| | Remote execution of arbitrary commands through Guestbook CGI program. |
| | The jj CGI program allows command execution via shell metacharacters. |
| | WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. |
| | nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. |
| | The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable. |
| | BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. |
| | BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. |
| | TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. |
| | ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. |
| | admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. |
| | The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter. |
| | CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users. |
| | CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. |
| | List of arbitrary files on Web host via nph-test-cgi script |
| | The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands |
| | Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands by failing to validate shell meta characters. |
| | Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| | The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program. |
| | Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. |
| | classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. |
| | The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt. |
| | viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget. |
| | Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10. |
| | Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. |
| | Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
| | mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters. |
| | PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. |
| | Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. |
| | newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. |
| | Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. |
| | Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). |
| | Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |
| | Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. |
| | document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. |
| | WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request. |
| | The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. |
| | The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters. |
| | php.cgi allows attackers to read any file on the system. |
| | The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter. |
| | Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
| | Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL. |
| | dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. |
| | SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. |
| | Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter. |
| | Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. |
| | Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files. |
| | LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. |
| | Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script. |
| | Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands. |
| | day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable to find the "cp" program, which allows local users to execute arbitrary commands by modifying the PATH to point to a Trojan horse cp program. |
| | nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl. |
| | perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request. |
