Vulnerabilities > CVE-1999-0066 - Unspecified vulnerability in John S. Roberts Anyform 1.0/2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
AnyForm CGI remote execution.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | John S.2 Roberts AnyForm 1.0/2.0 CGI Semicolon Vulnerability. CVE-1999-0066. Remote exploit for linux platform |
| id | EDB-ID:19557 |
| last seen | 2016-02-02 |
| modified | 1995-07-31 |
| published | 1995-07-31 |
| reporter | Paul Phillips |
| source | https://www.exploit-db.com/download/19557/ |
| title | John S.2 Roberts AnyForm 1.0/2.0 CGI Semicolon Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | ANYFORM.NASL |
| description | The CGI |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10277 |
| published | 2002-08-26 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10277 |
| title | AnyForm CGI Arbitrary Command Execution |
Seebug
| bulletinFamily | exploit |
| description | BugCVE: CVE-1999-0066 BUGTRAQ: 719 AnyForm是一个利用简单表单发送Email的CGI脚本,由John Roberts编写。 AnyForm版本2(AnyForm2)实现上存在输入验证漏洞,远程攻击者可以利用此漏洞在主机上以Web进程的权限执行任意命令。 AnyForm未经检查就把从表单得到的用户输入传递给SYSTEM系统调用,远程攻击者可能在输入中插入“;”等转义字符而执行任意命令 Unix版本 暂无 |
| id | SSV:4290 |
| last seen | 2017-11-19 |
| modified | 2008-10-25 |
| published | 2008-10-25 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-4290 |
| title | AnyForm脚本远程可执行任意命令漏洞 |