RSS   Vulnerabilities for 'Un-cgi'   RSS

2001-07-17
 
CVE-2001-1242

 

 
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.

 
 
CVE-2001-1241

 

 
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

 


Copyright 2024, cxsecurity.com

 

Back to Top