Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter. Date published : 2000-09-21 http://archives.neohapsis.com/archives/bugtraq/2000-08/0370.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0452.html
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter....
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter....
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter. Date published : 2000-09-21 http://www.securityfocus.com/bid/1630 http://archives.neohapsis.com/archives/bugtraq/2000-08/0310.html
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter. Date published : 2000-09-21 http://www.securityfocus.com/bid/1630 http://archives.neohapsis.com/archives/bugtraq/2000-08/0310.html
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names,...