MidnightBSD

Advisories for steve_grimm

CVE-2001-1241 HIGH

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_grimm un-cgi 1.6.1
steve_grimm un-cgi 1.1
steve_grimm un-cgi 1.6.2
steve_grimm un-cgi 1.6
steve_grimm un-cgi 1.2
steve_grimm un-cgi 1.3
steve_grimm un-cgi 1.9
steve_grimm un-cgi 1.8
steve_grimm un-cgi 1.0
steve_grimm un-cgi 1.5
steve_grimm un-cgi 1.4
steve_grimm un-cgi 1.7
CVE-2001-1242 HIGH

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_grimm un-cgi 1.6.1
steve_grimm un-cgi 1.1
steve_grimm un-cgi 1.6.2
steve_grimm un-cgi 1.6
steve_grimm un-cgi 1.2
steve_grimm un-cgi 1.3
steve_grimm un-cgi 1.9
steve_grimm un-cgi 1.8
steve_grimm un-cgi 1.0
steve_grimm un-cgi 1.5
steve_grimm un-cgi 1.4
steve_grimm un-cgi 1.7