Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC Port Details:


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Graph

[show ascii data]
Graph Criteria
  • Start Date:
  • End Date:
  • Port:
  • Left Y Axis:
  • Right Y Axis:

Port Information

Protocol Service Name
udp www World Wide Web HTTP
tcp www World Wide Web HTTP
tcp 711trojan [trojan] 711 trojan (Seven Eleven)
tcp Ramen [trojan] Ramen
tcp ReverseWWWTunnel [trojan] Reverse WWW Tunnel Backdoor
tcp RingZero [trojan] RingZero
tcp RTB666 [trojan] RTB 666
tcp Seeker [trojan] Seeker
tcp WANRemote [trojan] WAN Remote
tcp WebDownloader [trojan] WebDownloader
tcp WebServerCT [trojan] Web Server CT
udp http World Wide Web HTTP
tcp Noob [trojan] Noob
tcp NCX [trojan] NCX
tcp MTX [trojan] MTX
tcp AckCmd [trojan] AckCmd
tcp BackEnd [trojan] Back End
tcp BO2000Plug-Ins [trojan] Back Orifice 2000 Plug-Ins
tcp Cafeini [trojan] Cafeini
tcp CGIBackdoor [trojan] CGI Backdoor
tcp Executor [trojan] Executor
tcp GodMessage4Creator [trojan] God Message 4 Creator
tcp GodMessage [trojan] God Message
tcp Hooker [trojan] Hooker
tcp http World Wide Web HTTP
tcp IISworm [trojan] IISworm
tcp 8085 http proxy for Koobface Variant
[get complete service list]

User Comment

Submitted By Date
Comment
Boris Atanassov 2010-04-02 00:05:39
Port 443 together with 80 is also used by SKYPE.
Adam Nowacki 2004-07-01 16:27:06
This is default listen port for distcc daemon (distributed C/C++ compiler). It only supports IP based authentication and defaults to allow from all, which means anyone can use it. It does no other harm than letting others to use your hardware (at +5 nice) to speed up their compilation process.
Adam Nowacki 2004-07-01 16:26:52
3632 is default listen port for distcc daemon (distributed C/C++ compiler). It only supports IP based authentication and defaults to allow from all, which means anyone can use it. It does no other harm than letting others to use your hardware (at +5 nice) to speed up their compilation process.
arzie 2004-06-20 20:14:44
Port 4672/udp is used by the emule file sharing software. http://www.emule-project.net/home/perl/help.cgi?l=2&topic_id=27&rm=show_topic
Javier Fernandez-Sanguino 2003-12-14 08:56:37
It might be worthwhile adding the CVE entries related to known Apache security vulnerabilities. Sources for information with these are: - http://www.apacheweek.com/features/security-13 for Apache 1.3 and - http://www.apacheweek.com/features/security-20 for Apache 2..0
Marcus H. Sachs, SANS Institute 2003-10-10 00:33:47
SANS Top-20 Entry: W1 Internet Information Services (IIS) http://isc.sans.org/top20.html#w1 Default installations of Internet Information Services (IIS) have proven vulnerable to a number of serious attacks over time. The impact of these vulnerabilities can include: - Denial of service - Exposure or compromise of sensitive files or data - Execution of arbitrary commands - Complete compromise of the server ---------- SANS Top-20 Entry: U3 Apache Web Server http://isc.sans.org/top20.html#u3 Apache has historically been, and continues to be the most popular web server on the Internet. In comparison to Microsofts Internet Information Server, Apache may have a cleaner record in regards to security, but it still has its fair share of vulnerabilities. In addition to exploits in Apaches core and modules (CA-2002-27, CA-2002-17), SQL, databases, CGI, PHP vulnerabilities are all potentially exposed through the web server. If left unsecured, vulnerabilities in the Apache web server implementation and associated components can result in denial of service, information disclosure, web site defacement, remote root access, or countless other unfavorable results.
Add a comment

CVE Links

CVE # Description
CVE-1999-21 "Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program."
CVE-1999-39 "webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter."
CVE-1999-45 "List of arbitrary files on Web host via nph-test-cgi script."
CVE-1999-66 "AnyForm CGI remote execution."
CVE-1999-67 "phf CGI program allows remote command execution through shell metacharacters."
CVE-1999-68 "CGI PHP mylog script allows an attacker to read any file on the target server."
CVE-1999-70 "test-cgi program allows an attacker to list files on the server."
CVE-1999-146 "The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string
CVE-1999-147 "The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands."
CVE-1999-148 "The handler CGI program in IRIX allows arbitrary command execution."
CVE-1999-149 "The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack."
CVE-1999-172 "FormMail CGI program allows remote execution of commands."
CVE-1999-174 "The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack."
CVE-1999-175 "The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server."
CVE-1999-176 "The Webgais program allows a remote user to execute arbitrary commands."
CVE-1999-178 "Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string."
CVE-1999-191 "IIS newdsn.exe CGI script allows remote users to overwrite files."
CVE-1999-196 "websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable)."
CVE-1999-229 "Denial of service in Windows NT IIS server using ..\.."
CVE-1999-233 "IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files."
CVE-1999-236 "ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs."
CVE-1999-237 "Remote execution of arbitrary commands through Guestbook CGI program."
CVE-1999-238 "php.cgi allows attackers to read any file on the system."
CVE-1999-253 "IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL."
CVE-1999-260 "The jj CGI program allows command execution via shell metacharacters."
CVE-1999-262 "Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string."
CVE-1999-264 "htmlscript CGI program allows remote read access to files."
CVE-1999-266 "The info2www CGI script allows remote file access or remote command execution."
CVE-1999-269 "Netscape Enterprise servers may list files through the PageServices query."
CVE-1999-270 "Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as ""pfdisplay"") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files."
CVE-1999-276 "mSQL v2.0.1 and below allows remote execution through a buffer overflow."
CVE-1999-278 "In IIS
CVE-1999-279 "Excite for Web Servers (EWS) allows remote command execution via shell metacharacters."
CVE-1999-287 "Vulnerability in the Wguest CGI program."
CVE-1999-360 "MS Site Server 2.0 with IIS 4 can allow users to upload content
CVE-1999-386 "Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL."
CVE-1999-407 "By default
CVE-1999-408 "Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable
CVE-1999-449 "The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp
CVE-1999-455 "The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm
CVE-1999-474 "The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory."
CVE-1999-477 "The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm
CVE-1999-509 "Perl
CVE-1999-606 "An incorrect configuration of the EZMall 2000 shopping cart CGI program ""mall2000.cgi"" could disclose private information."
CVE-1999-607 "quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control
CVE-1999-610 "An incorrect configuration of the Webcart CGI program could disclose private information."
CVE-1999-612 "A version of finger is running that exposes valid user information to any entity on the network."
CVE-1999-643 "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities
CVE-1999-678 "A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc
CVE-1999-710 "The Squid package in Red Hat Linux 5.2 and 6.0
CVE-1999-736 "The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files."
CVE-1999-737 "The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files."
CVE-1999-800 "The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm."
CVE-1999-874 "Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR
CVE-1999-885 "Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL."
CVE-1999-913 "dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters."
CVE-1999-930 "wwwboard allows a remote attacker to delete message board articles via a malformed argument."
CVE-1999-934 "classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters."
CVE-1999-936 "BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters."
CVE-1999-937 "BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable."
CVE-1999-947 "AN-HTTPd provides example CGI scripts test.bat
CVE-1999-951 "Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands."
CVE-1999-953 "WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers."
CVE-1999-970 "The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created."
CVE-1999-1005 "Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter."
CVE-1999-1011 "The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods
CVE-1999-1030 "counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline)
CVE-1999-1050 "Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter
CVE-1999-1052 "Microsoft FrontPage stores form results in a default location in /_private/form_results.txt
CVE-1999-1063 "CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter."
CVE-1999-1067 "SGI MachineInfo CGI program
CVE-1999-1069 "Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter."
CVE-1999-1070 "Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter."
CVE-1999-1072 "Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi."
CVE-1999-1078 "WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files
CVE-1999-1081 "Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files."
CVE-1999-1154 "LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address."
CVE-1999-1177 "Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation."
CVE-1999-1178 "Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script."
CVE-1999-1179 "Vulnerability in man.sh CGI script
CVE-1999-1180 "O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat."
CVE-1999-1189 "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service
CVE-1999-1232 "Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program."
CVE-1999-1278 "nlog CGI scripts do not properly filter shell metacharacters from the IP address argument
CVE-1999-1374 "perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root
CVE-1999-1376 "Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands."
CVE-1999-1377 "Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter."
CVE-1999-1462 "Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attacker to read portions of arbitrary files."
CVE-1999-1479 "The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters."
CVE-1999-1520 "A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file
CVE-1999-1530 "cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts
CVE-1999-1533 "Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service."
CVE-1999-1538 "When IIS 2 or 3 is upgraded to IIS 4
CVE-1999-1550 "bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the ""file"" parameter."
CVE-2000-24 "IIS does not properly canonicalize URLs
CVE-2000-39 "AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program."
CVE-2000-54 "search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack."
CVE-2000-57 "Cold Fusion CFCACHE tag places temporary cache files within the web document root
CVE-2000-63 "cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script."
CVE-2000-66 "WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request."
CVE-2000-71 "IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions."
CVE-2000-74 "PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions."
CVE-2000-79 "The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL."
CVE-2000-97 "The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files
CVE-2000-117 "The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users
CVE-2000-122 "Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program."
CVE-2000-127 "The Webspeed configuration program does not properly disable access to the WSMadmin utility
CVE-2000-169 "Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'."
CVE-2000-180 "Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack."
CVE-2000-189 "ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files."
CVE-2000-191 "Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack."
CVE-2000-192 "The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query
CVE-2000-207 "SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters."
CVE-2000-208 "The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch."
CVE-2000-213 "The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory
CVE-2000-236 "Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump."
CVE-2000-242 "WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters."
CVE-2000-252 "The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable."
CVE-2000-260 "Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands
CVE-2000-278 "The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program
CVE-2000-282 "TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program."
CVE-2000-287 "The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter."
CVE-2000-288 "Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable."
CVE-2000-302 "Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL."
CVE-2000-304 "Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program
CVE-2000-322 "The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execure arbitrary commands via shell metacharacters."
CVE-2000-381 "The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter."
CVE-2000-382 "ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection
CVE-2000-396 "The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server
CVE-2000-401 "Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string."
CVE-2000-413 "The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML
CVE-2000-423 "Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group
CVE-2000-429 "A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands."
CVE-2000-432 "The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters."
CVE-2000-439 "Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL
CVE-2000-457 "ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension
CVE-2000-521 "Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number."
CVE-2000-526 "mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack."
CVE-2000-538 "ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password."
CVE-2000-590 "Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter."
CVE-2000-622 "Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long ""keywords"" parameter."
CVE-2000-627 "BlackBoard CourseInfo 4.0 does not properly authenticate users
CVE-2000-628 "The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files."
CVE-2000-629 "The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html
CVE-2000-630 "IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL
CVE-2000-638 "bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter."
CVE-2000-642 "The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root
CVE-2000-670 "The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters."
CVE-2000-671 "Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions
CVE-2000-672 "The default configuration of Jakarta Tomcat does not restrict access to the /admin context
CVE-2000-674 "ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack."
CVE-2000-677 "Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable."
CVE-2000-682 "BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL
CVE-2000-683 "BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL
CVE-2000-707 "PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root
CVE-2000-726 "CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable."
CVE-2000-746 "Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site
CVE-2000-758 "The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field."
CVE-2000-760 "The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension."
CVE-2000-769 "O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users
CVE-2000-778 "IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a ""Translate: f"" header
CVE-2000-826 "Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request."
CVE-2000-832 "Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter."
CVE-2000-835 "search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query paraeater."
CVE-2000-853 "YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack."
CVE-2000-868 "The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/."
CVE-2000-869 "The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV
CVE-2000-884 "IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root
CVE-2000-906 "Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters."
CVE-2000-921 "Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter."
CVE-2000-922 "Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter."
CVE-2000-924 "Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the ""catigory"" parameter."
CVE-2000-925 "The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions
CVE-2000-940 "Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the ""name"" or ""display"" parameter."
CVE-2000-942 "The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request
CVE-2000-945 "The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set
CVE-2000-951 "A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search."
CVE-2000-952 "global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters."
CVE-2000-967 "PHP 3 and 4 do not properly cleanse user-injected format strings
CVE-2000-975 "Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack."
CVE-2000-977 "mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the ""filename"" parameter in a POST request
CVE-2000-1005 "Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter."
CVE-2000-1016 "The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory
CVE-2000-1023 "The Alabanza Control Panel does not require passwords to access administrative commands
CVE-2000-1024 "eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet
CVE-2000-1025 "eWave ServletExec JSP/Java servlet engine
CVE-2000-1036 "Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter."
CVE-2000-1049 "Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of ""."" characters."
CVE-2000-1078 "ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a ""?"" character."
CVE-2000-1092 "loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a ""/"" in front of the target filename in the ""file"" parameter."
CVE-2000-1110 "document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program."
CVE-2000-1131 "Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable."
CVE-2000-1132 "DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files
CVE-2000-1171 "Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the ""thesection"" parameter."
CVE-2000-1196 "PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter."
CVE-2001-9 "Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack."
CVE-2001-21 "MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter."
CVE-2001-22 "simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter."
CVE-2001-23 "everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter."
CVE-2001-25 "ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter."
CVE-2001-75 "Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter."
CVE-2001-76 "register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter
CVE-2001-96 "FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form
CVE-2001-99 "bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address."
CVE-2001-100 "bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address."
CVE-2001-113 "statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter
CVE-2001-123 "Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter."
CVE-2001-133 "The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption
CVE-2001-180 "Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the ""email"" parameter."
CVE-2001-210 "Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter."
CVE-2001-211 "Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter."
CVE-2001-212 "Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter
CVE-2001-214 "Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte."
CVE-2001-215 "ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte."
CVE-2001-216 "PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter."
CVE-2001-217 "Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter."
CVE-2001-223 "Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request)."
CVE-2001-224 "Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter."
CVE-2001-232 "newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters."
CVE-2001-241 "Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0."
CVE-2001-250 "The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command."
CVE-2001-251 "The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command."
CVE-2001-252 "iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many ""/../"" (dot dot) sequences."
CVE-2001-253 "Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter."
CVE-2001-271 "mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters."
CVE-2001-272 "Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter."
CVE-2001-291 "Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters."
CVE-2001-302 "Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service
CVE-2001-305 "Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter."
CVE-2001-319 "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
CVE-2001-330 "Bugzilla 2.10 allows remote attackers to access sensitive information
CVE-2001-333 "Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and ""\"" characters twice."
CVE-2001-341 "Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll."
CVE-2001-400 "nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters (""`"") in the email address."
CVE-2001-420 "Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter."
CVE-2001-432 "Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands."
CVE-2001-436 "dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program."
CVE-2001-463 "Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter."
CVE-2001-466 "Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
CVE-2001-476 "Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string
CVE-2001-527 "DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form
CVE-2001-537 "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands
CVE-2001-552 "ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message."
CVE-2001-555 "ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet."
CVE-2001-561 "Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi
CVE-2001-590 "Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0)."
CVE-2001-660 "Outlook Web Access (OWA) in Microsoft Exchange 5.5
CVE-2001-731 "Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the ""M=D"" query string."
CVE-2001-740 "3COM OfficeConnect 812 and 840 ADSL Router 4.2
CVE-2001-746 "Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES
CVE-2001-749 "Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root."
CVE-2001-780 "Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attacker to gain sensitive information via a .. (dot dot) in the SHOW parameter."
CVE-2001-805 "Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter."
CVE-2001-821 "The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory
CVE-2001-849 "viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded
CVE-2001-871 "Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18
CVE-2001-922 "ndcgi.exe in Netdynamics 4.x through 5.x
CVE-2001-937 "PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters."
CVE-2001-938 "Directory traversal vulnerability in AspUpload 2.1
CVE-2001-958 "Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll
CVE-2001-997 "Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter."
CVE-2001-1014 "eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter."
CVE-2001-1020 "edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter
CVE-2001-1032 "admin.php in PHP-Nuke 5.2 and earlier
CVE-2001-1044 "Basilix Webmail 0.9.7beta
CVE-2001-1049 "Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable."
CVE-2001-1067 "Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service
CVE-2001-1100 "sendmessage.cgi in W3Mail 1.0.2
CVE-2001-1114 "book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the ""current"" parameter."
CVE-2001-1115 "generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter."
CVE-2001-1130 "Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters
CVE-2001-1150 "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files."
CVE-2001-1195 "Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager
CVE-2001-1196 "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument."
CVE-2001-1199 "Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g
CVE-2001-1205 "Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable."
CVE-2001-1209 "Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
CVE-2001-1212 "Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter."
CVE-2001-1216 "Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page."
CVE-2001-1226 "AdCycle 1.17 and earlier allow remote attackers to modify SQL queries
CVE-2001-1252 "Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console
CVE-2001-1283 "The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi
CVE-2001-1341 "The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default
CVE-2001-1343 "ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter."
CVE-2001-1370 "prepend.php3 in PHPLib before 7.2d
CVE-2001-1408 "Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter."
CVE-2002-8 "Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the ""who"" parameter
CVE-2002-11 "Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login."
CVE-2002-71 "Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names."
CVE-2002-81 "Buffer overflows in (1) php_mime_split in PHP 4.1.0
CVE-2002-150 "Buffer overflow in Internet Information Server (IIS) 4.0
CVE-2002-206 "index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier
CVE-2002-220 "phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters."
CVE-2002-230 "Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter
CVE-2002-232 "Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi
CVE-2002-236 "Lucent VitalSuite 8.0 through 8.2
CVE-2002-263 "Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi
CVE-2002-273 "Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter."
CVE-2002-290 "Buffer overflow in Netwin WebNews CGI program 1.1
CVE-2002-306 "ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter."
CVE-2002-308 "admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments."
CVE-2002-346 "Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi."
CVE-2002-364 "Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions
CVE-2002-375 "Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter."
CVE-2002-392 "Apache 1.3 through 1.3.24
CVE-2002-434 "Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter."
CVE-2002-495 "csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter
CVE-2002-516 "SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie."
CVE-2002-539 "Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie."
CVE-2002-562 "The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root
CVE-2002-568 "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely
CVE-2002-599 "Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen."
CVE-2002-611 "Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters
CVE-2002-613 "dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters."
CVE-2002-614 "PHP-Survey 20000615 and earlier stores the global.inc file under the web root
CVE-2002-682 "Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping
CVE-2002-710 "Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter."
CVE-2002-734 "b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations
CVE-2002-749 "CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field."
CVE-2002-855 "Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature."
CVE-2002-882 "The web server for Cisco IP Phone (VoIP) models 7910
CVE-2002-902 "Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote ("") in the [IMG] tag
CVE-2002-917 "CGIScript.net csPassword.cgi stores .htpasswd files under the web document root
CVE-2002-920 "CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data
CVE-2002-923 "CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files
CVE-2002-934 "Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file."
CVE-2002-947 "Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier
CVE-2002-1027 "Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter."
CVE-2002-1042 "Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9
CVE-2002-1070 "Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter."
CVE-2002-1142 "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6
CVE-2002-1169 "IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number
CVE-2002-1236 "The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments."
CVE-2002-1334 "Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi
CVE-2002-1341 "Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10
CVE-2002-1361 "overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter."
CVE-2002-1436 "The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request."
CVE-2002-1526 "Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field."
CVE-2002-1559 "Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter."
CVE-2003-42 "Jakarta Tomcat before 3.3.1a
CVE-2003-54 "Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method
CVE-2003-109 "Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0
CVE-2003-117 "Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver."
CVE-2003-153 "bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi
CVE-2003-215 "SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields
CVE-2003-217 "Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script."
CVE-2003-227 "The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000
CVE-2003-377 "SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4
CVE-2003-394 "objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site."
CVE-2003-422 "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters."
CVE-2003-434 "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink."
CVE-2003-471 "Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument."
CVE-2003-486 "SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter."
CVE-2003-624 "Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter."
CVE-2003-626 "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments."
CVE-2003-818 "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL)
CVE-2003-906 "Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a
CVE-2004-30 "PHP remote file inclusion vulnerability in (1) functions.php
CVE-2004-32 "Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter."
CVE-2004-39 "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54
CVE-2004-95 "McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value
CVE-2004-204 "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10
CVE-2004-798 "Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter."
CVE-2004-1134 "Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string."
CVE-2005-202 "Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via "".../....///"" sequences