Index:
add-subject.php |
article.php |
bbd |
bizdb1-search.cgi |
Bonsai |
cart32.exe |
CSMailto.cgi |
csChatRBox.cgi |
csGuestbook.cgi |
csLiveSupport.cgi |
csNews.cgi |
csSearch.cgi |
CWMail.exe |
db2www |
ddicgi.exe |
dsgw |
emurl/RECMAN.dll |
excite |
filemanager.asp |
FtpSaveCSP.dll |
FtpSaveCVP.dll |
genhtml.pl |
guestbook |
guestbook.cgi |
helpwin |
Linksys |
login.gas.bat |
mailattach.php |
ncommerce3 |
openwebmail.pl |
pbserver.dll |
phpBB |
pi |
piranha |
post-query |
query.asp |
query.idq |
register.dll |
rwcgi60 |
site/eg/source.asp |
smb2www.pl |
statsconfig.pl |
susesearch.cgi |
search97cgi/vtopic |
upload.cgi |
w3-msql |
wais.pl |
webc.cgi |
webnews.exe |
webplus |
webshell |
websync.exe |
wwwwais
piranha/secure/passwd.php3:
CAN 2000-0248
CVE 2000-0322
Piranha is a utility which comes with Red Hat Linux for administering the
Linux Virtual Server. It comes with a default backdoor password which
could allow unauthorized access to the Graphical User Interface (GUI).
By exploiting vulnerabilities in the tools that come with the GUI, an
attacker who knows the backdoor password could execute arbitrary commands
on the server. Any server which has piranha-gui 0.4.12 installed, which
is the default for Red Hat 6.2, is vulnerable.
Resolution:
Upgrade the piranha-gui package to version 0.4.13-1 or higher.
(Reference)
cart32.exe:
CAN 2000-0429
This program is part of Cart 32, an E-Commerce Shopping Cart application.
By default, it has a backdoor password of "wemilo". An attacker who
knows this password could view a list of client passwords using an
undocumented URL such as http://hostname/scripts/cart32.exe/cart32clientlist.
The hashed client passwords could be used to execute arbitrary commands
on the server using a specially crafted URL.
Resolution:
Using a hex editor, change the backdoor password (found at 0x6204h)
to something else. Also change the permissions on c32web.exe
so that it is only accessible by administrators. This will prevent
unauthorized users from executing arbitrary commands using a specially
crafted URL. Alternatively, apply the patch developed by L0pht.
(Reference)
emurl/RECMAN.dll:
CVE 2000-0397
SeattleLab's Emurl
2.0 and earlier versions authenticate users
with a simple ASCII encoding scheme based on the user's login name.
This makes it possible to read other users' mail, reconfigure their
accounts, or steal their POP passwords.
Resolution:
Replace Emurl with a version higher than 2.0.
(Reference)
guestbook:
CVE 1999-0237
Selena Sol's guestbook CGI program could allow an
attacker to execute arbitrary commands on the server if
server side includes are enabled.
Resolution:
Disable server side includes. If this is not possible,
or for additional security protection, make the following changes
to the guestbook setup file:
guestbook.cgi:
Resolution:
Delete cgi-sys/guestbook.cgi and remove set-userid privileges from
base/openwebmail/oom, or upgrade to Cpanel 6 or higher.
(Reference)
excite:
CVE 1999-0279
Excite for Web Servers
does not sufficiently check
queries for special characters before passing them to
a shell. It is possible for a remote attacker to execute
arbitrary commands on the server by exploiting this condition.
Excite 1.1 for either Unix or Windows NT is affected by this
vulnerability if patches have not been applied after 1/16/98.
Resolution:
Install the patch.
(Reference)
site/eg/source.asp:
CVE 2000-0628
Apache::ASP
comes with a sample script which can be exploited to write
to files in the same directory as the script. Versions
prior to 1.95 are vulnerable.
Resolution:
Either delete the script, or upgrade to Apache::ASP version 1.95 or higher.
(Reference)
w3-msql:
CVE 2000-0012
Mini SQL
has a buffer overflow condition which could allow a remote attacker
to execute arbitrary commands on the server. Versions 2.0.4.1 through
2.0.11 for Unix and Linux are affected by this vulnerability.
Resolution:
Apply the patch which can be found in the X-Force Advisory.
(Reference)
wais.pl:
This script is a web interface to the waisq
client. A vulnerability in wais.pl could allow a remote user
to set command-line options through input parameters, thereby
overwriting files on the server. This vulnerability also
exposes a buffer overflow condition in waisq.
Resolution:
In waisq.pl, change @query to $pquery
at the end of the line that begins with "open(WAISQ".
As an additional precaution,
recompile waisq with the following change
in the source code:
    char pathname[MAX_FILENAME_LEN+1];
to
    char pathname[MAX_FILENAME_LEN*2+1];
ddicgi.exe:
Resolution:
Contact Mobius for a patch.
(Reference)
db2www:
CVE 2000-0677
This program is part of the Net.Data application, which
is used for web development. A buffer overflow in the processing
of the PATH_INFO environment variable could allow an attacker
to execute arbitrary code.
Resolution:
Download and install the fix for your operating system.
(Reference)
search97cgi/vtopic:
CVE 2000-1014
This file is the search function used by the SCO
UnixWare 7 scohelphttp web server. Due to a format string
vulnerability, an attacker could execute arbitrary commands
on the server with the privileges of the nobody user.
Resolution:
Disable the web server which runs on port 457, or apply
the workaround described in Bugtraq.
(Reference)
webplus:
This script is part of the Web+ web application
server. A vulnerability in the script could allow a remote
attacker to view the source code of WML files, and possibly ASP files, by
appending the string "::$DATA" to the URL.
Additionally, the webping sample script could allow a remote
attacker to view arbitrary files in the Linux version.
3/7/02
CAN 2002-0449
Web+ is also affected by two buffer overflow problems. Firstly, user input
to the webplus program is passed to the
system service webpsvc.exe without checking the length,
thus allowing a remote attacker to overwrite the return pointer
within webpsvc.exe and execute arbitrary commands.
4/29/02
CAN 2002-0753
The second buffer overflow is in the processing of
cookies. By supplying a very long, specially crafted cookie, a remote
attacker could execute arbitrary commands.
Resolution:
Upgrade to version 4.6, build 561 or higher, or version
5.0, build 554 or higher, and install the security patch.
Remove all sample scripts. Upgrades and patches are available
from TalentSoft.
(Reference)
Big Brother:
CVE 2000-0639
CVE 2000-0978
A vulnerability in Big Brother could allow
a remote attacker to execute arbitrary commands on the server by
creating a file on the server and then going to the file
in a web browser. A second vulnerability could allow a
remote attacker to execute arbitrary code by sending
specially crafted input to the server.
Resolution:
The workaround for the first vulnerability is to implement access
restrictions in the $BBHOME/etc/security file.
This file is not enabled by default. The solution for the
second vulnerability is to implement the workaround posted
to Bugtraq or upgrade to Big Brother version 1.5c2 or higher.
Directory Services Gateway (dsgw):
CVE 2000-1075
CVE 2001-0164
A buffer overflow condition in Netscape/iPlanet
Directory Server 4.12 and
Certificate Management System 4.2 could allow a remote
attacker to execute arbitrary code or create a denial of service.
A separate buffer overflow in Directory Server 4.11 and 4.12 could
also allow a remote attacker to execute arbitrary code or create a
denial of service.
Resolution:
Upgrade to Directory Server 4.13 through the iPlanet Support Channel.
(Reference)
pbserver.dll:
CVE 2000-1089
Microsoft PhoneBook Server is an optional component
of IIS 4 and 5. A buffer overflow condition could allow
an attacker to execute arbitrary code with the privileges
of IUSR_machinename with IIS 4 or
IWAM_machinename with IIS 5.
Resolution:
Apply a patch referenced in Microsoft Security Bulletin MS 00-094.
(Reference)
statsconfig.pl:
CAN 2001-0113
CAN 2001-0114
This script comes with
OmniHTTPd. Due to a lack of parameter checking in the
cgidir and mostbrowsers
variables, a remote attacker could corrupt any file on
the system, or inject arbitrary code into /cgi-bin/stats.pl,
which can then be executed by calling the script from a
browser. OmniHTTPd version 2.07 and possibly other versions
are vulnerable.
Resolution:
Remove this script and any other unneeded scripts
in the cgi-bin directory.
(Reference)
wwwwais:
CAN 2001-0223
This script is a web interface to the popular WAIS
search engine. A buffer overflow condition could allow
a remote attacker to execute arbitrary code by sending
a specially crafted query string.
Resolution:
Remove this script or make the following changes
to wwwwais.c and re-compile. Change
    strcpy(argstr, argp);
to
    strncpy(argstr, argp, MAXSTRLEN);
and change
    strcpy(argstr, query_string);
to
    strncpy(argstr, query_string, MAXSTRLEN);
pi:
Resolution:
Contact PlanetIntra for a patch.
(Reference)
post-query:
CAN 2001-0291
This is a simple C program for processing POST
data from HTML forms. A buffer overflow
condition could allow a remote attacker to execute arbitrary
code on the server.
However, in order for this vulnerability to be exploited
there would need to be a large amount
of physical or virtual memory on the server, and the operating
system would need to allow the program to allocate the needed
memory.
Resolution:
Remove cgi-bin/post-query from the
web server. It is a sample program which serves no
practical purpose.
(Reference)
Linksys network devices:
CAN 2002-1312
Linksys Group Inc. produces various
networking devices (including cable/DSL routers) which provide a remote
administration and configuration interface using HTTP. The HTTP server
embedded in the firmware of these devices contains several exploitable
vulnerabilities, some of which may allow an attacker to gain control of
or reboot the appliance.
Resolution:
Linksys recommends that you download the latest firmware for your product. If a fix is not yet available
for your product, you should (a) disable "Remote Management" to restrict access
to the local network and (b) change the Remote Management port on Linksys
devices that allow you to do so.
(Reference)
ncommerce3/*:
IBM's Net.Commerce and WebSphere applications encrypt
user passwords using TripleDES. Unless the encryption
key was changed from the default, these passwords can be
easily decrypted. Furthermore, users can be enumerated and
encrypted passwords can be retrieved using specially crafted
queries. The combination of the above vulnerabilities could allow
a remote attacker to gain access with administrator privileges.
All Net.Commerce 3.1 and 3.2 versions and WebSphere Commerce Suite version 4.1 are affected by this vulnerability if the MERCHANT_KEY has not been changed from the default. Versions 5.1 and later are not affected.
Resolution:
websync.exe:
Resolution:
Install the patch released by Crosswind
or upgrade to any version released after February, 2001.
(Reference)
query.asp, query.idq:
This file is the search script for Microsoft Index Server.
There are two vulnerabilities. The first is
a buffer overflow, which could allow an attacker to crash the service
or execute arbitrary commands with Local System privileges. An
attacker would need to be able to authenticate to the server in
order to exploit the vulnerability. This vulnerability only affects
Index Server 2.0 which comes with Windows NT 4.0 Option Pack, and
is not enabled by default.
CVE 2000-0097
The second vulnerability affects Index Server's hit-highlighting
feature. Due to insufficient parameter checking, this feature
could be exploited to view any file on the same logical drive as
the web server. This vulnerability affects Index Server 2.0 and
Indexing Services for Windows 2000.
Resolution:
Apply the patches recommended in Microsoft Security Bulletins
00-006 and 01-025.
(Reference)
FtpSaveCSP.dll, FtpSaveCVP.dll:
CAN 2001-0761
CAN 2001-0791
Several administrative programs for the Trend Micro
InterScan VirusWall and
InterScan WebManager
for Windows NT have buffer overflow problems. Affected programs include
FtpSave.dll,
FtpSaveCSP.dll,
FtpSaveCVP.dll,
HttpSave.dll,
HttpSaveCSP.dll,
HttpSaveCVP.dll,
smtpscan.dll, and
RegGo.dll.
A remote attacker could execute
arbitrary commands with System privileges by exploiting
the vulnerabilities in any of the affected programs. Trend
Micro InterScan VirusWall 3.51 and InterScan WebManager 1.2 are
affected by these vulnerabilities.
Resolution:
At the time of this writing, patches are available for
some of the programs but not others. Access to the server by non-administrative
users should be denied until fixes can be applied for
all of the affected programs or until the next release of
InterScan VirusWall or InterScan WebManager can be installed.
(Reference)
register.dll:
9/17/01
CAN 2001-0958
This script is part of the Trend Micro
InterScan eManager,
an optional plug-in for InterScan
VirusWall which allows for management of mail delivery,
message content, and spam filtering. This script and a number
of other scripts which are part of eManager contain buffer
overflow conditions which could be used to execute arbitrary
code remotely. InterScan eManager version 3.51 and 3.51J for
Windows NT and possibly earlier versions are affected by this
vulnerability.
Resolution:
A patch for eManager 3.51 will be released shortly.
Install the patch when it becomes available.
(Reference)
article.php:
3/26/02
This script (which can only be accessed through
modules.php) is part of the PHP Nuke
and PostNuke packages.
Due to an inconsistency in verifying the user's identification,
it is possible for a user with an account on the system to
view another user's data by injecting SQL commands and modifying the user name
in his or her own cookie. PHP Nuke 5.0 through 5.5 and Post-Nuke
0.62 through 0.70 are affected.
10/24/01
A second vulnerability affecting article.php and mainfile.php
(or mainfile2.php) could allow an attacker
who is able to determine another user's username and user ID to log into
that user's account without supplying a password. The username and user ID
can usually be found in the member list. PostNuke 0.62, 0.63, and 0.64 are
affected by this vulnerability. PHP Nuke 5.2 and earlier are likely to
be affected as well.
Resolution:
Upgrade to PostNuke 0.71
or higher. There is no fix available for PHP Nuke at this time.
It is unknown whether the next release of PHP Nuke will contain
a fix.
The second problem can be fixed by applying the changes described in
Bugtraq.
(Reference)
helpwin.gas.bat:
11/8/01
CAN 2001-0853
This script comes with the Entrust
GetAccess web security application. By supplying parameters
containing special characters and the "../" sequence,
a remote attacker could read arbitrary files with GetAccess
permissions. This vulnerability could be exploited to gain sensitive
information from GetAccess configuration files, which could
lead to unauthorized access.
Resolution:
Remove the script from the server. If the script is
needed then see Entrust Bulletin E01-005 for patch information.
(Reference)
login.gas.bat:
CAN 2001-1024
This is another script that comes with the Entrust
GetAccess web
security application. Due to insufficient checking of the
-classpath argument in this and other
GetAccess scripts, it could be possible to remotely run
arbitrary Java code. Exploitation of this vulnerability
would require the ability to upload Java classes, or an
exploitable Java class to already exist on the server.
Resolution:
This problem has presumably been fixed in the current version. See the
Entrust security note.
(Reference)
genhtml.pl, susesearch.cgi:
11/30/01
1/24/03
CVE 2001-0918
These scripts are part of the susehelp package, a web-based
help system for users of the SuSE Linux operating system.
Due to insufficient checking of input parameters in these
and other scripts, it could be
possible for a remote attacker to execute arbitrary commands.
The susehelp package prior to 2002.09.05-51 on SuSE 8.1,
prior to 2001.09.06-110 on SuSE 7.3, and
prior to 2001.05.14-41 on SuSE 7.2, are affected by this vulnerability.
Resolution:
Install an updated susehelp package. See SuSE Security
Announcements 2001:041 and 2003:005 for update information.
(Reference)
filemanager.asp:
1/9/02
CAN 2002-0465
This script is part of Hosting
Controller, an administrative hosting package for Windows.
It allows a user to manage files in the user's own account.
However, by providing input containing the dot-dot-slash (../)
string, it is possible to read, delete, or upload arbitrary files on
the server. This vulnerability also allows an attacker to
execute arbitrary commands by placing the commands into
an .asp file, uploading the file into an
existing domain, and calling the file from a web browser.
Since the dsp_newwebadmin.asp script allows
unauthorized users to create Hosting Controller accounts,
an attacker would not need access to an existing account in
order to exploit this vulnerability.
Hosting Controller versions 1.4.1 and earlier are affected by this vulnerability.
Resolution:
Contact the vendor for a fix.
(Reference)
CWMail.exe:
2/20/02
CAN 2002-0273
This program is the main executable for
NetWin Ltd's CWMail
on Windows platforms. CWMail is a fully featured web-based e-mail solution for
institutions or ISPs. After a successful logon, selecting the forward (mail)
option and filling the parameter 'item=' with a large string of characters
causes an access violation. This overwrites the saved return address, allowing
remote execution of arbitrary code. This buffer overflow vulnerability affects
CWMail versions 2.8a (downloaded before 2/14/2002) and earlier on
Windows platforms with IIS4 and IIS5.
Resolution:
Download and install CWMail Version 2.8a (after 2/13/2002) or later from
http://netwinsite.com/dmailweb/download2.htm.
(Reference)
webnews.exe:
2/22/02
CVE 2002-0290
CAN 2002-0310
WebNews is a program which
provides a web-based interface for Internet News Groups. There are two
vulnerabilities in WebNews. The first is
a buffer overflow condition, which could allow a remote attacker to
execute arbitrary commands by supplying a very long string for the
group parameter. Versions of WebNews prior to 1.1k for Microsoft IIS are affected
by this vulnerability.
The second vulnerability is caused by the presence of default accounts and passwords built into the WebNews service. Since these accounts and passwords are public knowledge, an attacker could use them to gain unauthorized access to the WebNews service. WebNews 1.1h through 1.1k are affected by this vulnerability.
Resolution:
Upgrade to WebNews 1.1l or higher when it becomes available. If version 1.1l is not
yet available, the buffer overflow can be fixed by upgrading to
version 1.1k, but the server will still be vulnerable to the
built-in accounts and passwords.
(Reference)
csSearch.cgi, csGuestbook.cgi, csLiveSupport.cgi, csNews.cgi, csChatRBox.cgi:
3/28/02
4/30/02
CVE 2002-0495
These scripts, developed by CGIScript.net,
store their configuration
information in a file called setup.cgi which is executed
whenever the script runs. Due to a vulnerability in these scripts, it is possible for a remote attacker
to write arbitrary commands to the setup.cgi file, which
are subsequently executed.
Resolution:
The freeware version of csSearch can be upgraded
to version 2.5 or higher. If you are using any other CGIScript product, contact
the vendor to determine whether you are vulnerable and to obtain the
patch.
(Reference)
CSMailto.cgi:
4/30/02
CAN 2002-0749
CAN 2002-0750
CAN 2002-0751
CAN 2002-0752
CGIMailto by
CGIScript provides and processes
multiple mailto forms on a web site. Many of the script's
configuration variables are passed into the script through hidden
form input, allowing them to be manipulated by an attacker simply by
making a copy of the form and modifying the HTML code. Furthermore,
the referer check which is used to verify that the input is
coming from a valid form can easily be bypassed using several
methods. These vulnerabilities could allow a remote attacker
to execute arbitrary commands or mail arbitrary files to him-
or herself.
Resolution:
Contact the vendor for a fix. If a fix is not available,
it would be advisable to use a different mailto script.
(Reference)
rwcgi60:
6/25/02
CVE 2002-0947
This script is part of the Oracle 9iAS Reports Server.
Due to a buffer overflow condition, a remote attacker could
overwrite the saved return address and take control of the
process by sending a long, specially crafted database name
parameter with the setauth method. This
vulnerability results in SYSTEM privileges on Windows
machines, and more limited privileges on Unix systems.
Oracle 9iAS release 1.0.x and any product containing Oracle Reports Server 6.0.8.18.0 or older are affected by this vulnerability. Oracle 9iAS release 2 is not vulnerable.
Resolution:
Install patch 2356680. Patches are available from Oracle's
Metalink site.
(Reference)
bizdb1-search.cgi:
10/22/02
CVE 2000-0287
This script powers the BizDB database and search engine.
Insufficient parameter checking allows shell commands
embedded within the dbname parameter to be
executed. Furthermore, the program attempts to validate
the source of the request by checking the Referer
field in the HTTP headers, but these headers can be easily
spoofed. The combination of these two flaws allows a remote
attacker to execute arbitrary commands.
Resolution:
Download the latest version of the software.
(Reference)
add-subject.php:
10/28/02
This script is part of the
VBZoom bulletin
board system. Vulnerabilities in VBZoom could allow a remote
attacker to upload and execute arbitrary PHP scripts or
to reset any user's password.
Resolution:
There is no known fix at the time of this writing.
It would be advisable to remove VBZoom unless a vendor
fix is made available.
(Reference)
smb2www.pl:
12/13/02
CAN 2002-1342
SMB2WWW is a web interface
to the Samba
tool suite. A vulnerability could allow a remote attacker to
execute arbitrary commands.
Resolution:
Debian users should install the fix referenced in
Debian Security Advisory 203. Other users should
install a fix from their vendor, or remove the package.
Note that the script directory is usually referenced by
a separate ScriptAlias directory in the
Apache configuration file, and is not installed under the
usual cgi-bin directory.
(Reference)
openwebmail.pl:
1/10/03
This script is part of the
Open WebMail
package. Due to a lack of parameter checking, it is possible
for a remote attacker to cause arbitrary files to be included
in the execution of several Perl programs in this package. Thus, if the attacker already
has the ability to upload files onto the server, then
execution of arbitrary commands is possible with root
privileges.
Resolution:
Apply the patch or upgrade
to version 1.82 or higher or openwebmail-current.
(Reference)
webshell:
1/21/03
This script is part of the
HSphere
multiserver web hosting package. The WebShell application
is a web interface for file transfers. WebShell is affected
by several vulnerabilities, including a remotely exploitable
buffer overflow in the processing of HTTP headers, and
execution of commands embedded in input parameters. WebShell
versions prior to 2.4, and version 2.4 downloaded prior to
3 Jan. 2003, are affected.
Resolution:
Apply the patch.
(Reference)
phpBB:
3/5/03
phpBB
is an open-source bulletin board system. Due to a SQL
injection vulnerability, a remote attacker could carry out
a "select fish" attack in which each digit of another
user's password hash can be determined independently by trying every
possible digit in a specially malformed query. This could
lead to unauthorized administrative access to the bulletin
board. phpBB 2.0 through 2.0.2 are affected.
Resolution:
Upgrade to phpBB 2.0.3 or higher.
(Reference)
mailattach.php:
3/7/03
This script is part of the PHP-Nuke content management system. A directory
traversal vulnerability in this script could allow remote
attackers to upload a script which reveals the contents of
the configuration file, thus revealing database passwords.
Resolution:
Apply the workaround posted to Bugtraq.
(Reference)
upload.cgi:
3/18/03
This script, which powers the
Upload Lite utility,
does not remove all temporary files when multiple files with
the same file name are uploaded at once. The remaining
temporary files have predictable file names. An attacker
could upload two files, the latter being an executable file containing arbitrary commands,
and then execute the file by requesting it from a web
browser. Only Windows versions of Upload Lite are affected
by this vulnerability.
Resolution:
Remove the script from the web server.
(Reference)
Bonsai:
4/1/03
CAN 2003-0152
CAN 2003-0153
CAN 2003-0154
CAN 2003-0155
Bonsai
is a utility for accessing CVS source trees using a web
server. Multiple vulnerabilities have been discovered in
Bonsai 1.3 and possibly earlier versions, including
remote command execution, cross-site scripting, path
disclosure, and unauthenticated access to parameters pages.
Resolution:
Install a fix from the operating system vendor, or upgrade
to Bonsai 1.3.1 or higher when available.
(Reference)
webc.cgi:
4/16/03
This script is the interpreter for the WebC server-side
scripting language. The path of the WebC script to execute
is appended to the URL. For example, a request for
http://host.com/cgi-bin/webc.cgi/scriptpath/scriptname
would execute the script contained in scriptpath/scriptname.
A buffer overflow occurs when there is a request for a very long script name. A remote attacker could execute arbitrary commands on the server. WebC 2.011 through 5.005 are affected by this vulnerability.
WebC prior to version 5.020 also contains several locally exploitable vulnerabilities, including a buffer overflow in the processing of environment variables, a format string vulnerability in the processing of error messages, and insecure handling of configuration files. These vulnerabilities typically cannot be exploited to gain root access.
Resolution:
Upgrade to version 5.020 or higher.
(Reference)
cart32.exe:
See the Cerberus Advisory.
emurl/RECMAN.dll:
See the Bugtraq posting.
guestbook:
See the X-Force Advisory.
guestbook.cgi:
See the VulnWatch posting.
excite:
See the X-Force Advisory.
site/eg/source.asp:
See the Bugtraq posting.
w3-msql:
See the X-Force Advisory.
ddicgi.exe:
This vulnerability was discussed in an advisory from @stake.
db2www:
This vulnerability was discussed in an X-Force Advisory.
search97cgi/vtopic:
See the Bugtraq posting.
webplus:
The ::$DATA problem and the webping problem were both posted to Bugtraq.
The buffer overflows were reported in NGSSoftware advisories
#NISR05032002A and #NISR17042002B.
Directory Services Gateway (dsgw):
See the CORE-SDI advisories on the denial-of-service vulnerability and the
arbitrary code execution vulnerability. See the @stake advisory
for information on the second vulnerability.
pbserver.dll:
See the CORE-SDI advisory and Microsoft Security Bulletin MS 00-094.
statsconfig.pl:
See Bugtraq.
wwwwais:
See Bugtraq.
pi:
See S.A.F.E.R. Bulletin 010125.EXP.1.12.
post-query:
See Bugtraq.
Linksys network devices:
See the CORE security advisory.
ncommerce3/*:
See WebSphere Commerce Suite Security Issue 2.
websync.exe:
This vulnerability was reported in Defcom Labs Advisory def-2001-18.
query.asp, query.idq:
See Microsoft Security Bulletins 00-006 and 01-025.
FtpSaveCSP.dll, FtpSaveCVP.dll:
See SNS Advisories 27, 28, 30, 31, 33, 34, 35, and 36.
register.dll:
See SNS Advisory 42.
article.php:
The first vulnerability was posted to Bugtraq.
The second vulnerability was also posted to Bugtraq.
helpwin.gas.bat:
This vulnerability was reported in Bugtraq and Entrust Bulletin E01-005.
login.gas.bat:
This vulnerability was posted to Bugtraq.
genhtml.pl, susesearch.cgi:
This vulnerability was reported in SuSE Security Announcements
2001:041 and 2003:005.
filemanager.asp:
This vulnerability was reported in Bugtraq.
CWMail.exe:
This vulnerability was reported in Bugtraq.
webnews.exe:
These vulnerabilities were reported in NGSSoftware Security
Advisory #NISR18022002 and Bugtraq.
csSearch.cgi, csGuestbook.cgi, csLiveSupport.cgi, csNews.cgi, csChatRBox.cgi:
The vulnerability in csSearch was posted to Bugtraq.
The vulnerabilities in the other products were also posted to Bugtraq.
CSMailto.cgi:
This vulnerability was posted to Bugtraq.
rwcgi60:
This vulnerability was reported in Oracle Security Alert #35 and
NGSSoftware Advisory #NISR12062002B.
bizdb1-search:
This vulnerability was posted to Bugtraq.
add-subject.php:
This vulnerability was posted to Bugtraq.
smb2www.pl:
This vulnerability was reported in Debian Security Advisory 203.
openwebmail.pl:
This vulnerability was reported in an Open WebMail Security Advisory
and Bugtraq.
webshell:
This vulnerability was posted to Bugtraq.
phpBB:
This vulnerability was posted to Bugtraq.
mailattach.php:
This vulnerability was posted to Bugtraq.
upload.cgi:
This vulnerability was posted to Bugtraq.
Bonsai:
This vulnerability was reported in Debian Security Advisory 265.
webc.cgi:
This vulnerability was posted to Bugtraq.