Vulnerabilities > CVE-1999-0066 - Unspecified vulnerability in John S. Roberts Anyform 1.0/2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
AnyForm CGI remote execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | John S.2 Roberts AnyForm 1.0/2.0 CGI Semicolon Vulnerability. CVE-1999-0066. Remote exploit for linux platform |
id | EDB-ID:19557 |
last seen | 2016-02-02 |
modified | 1995-07-31 |
published | 1995-07-31 |
reporter | Paul Phillips |
source | https://www.exploit-db.com/download/19557/ |
title | John S.2 Roberts AnyForm 1.0/2.0 CGI Semicolon Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | ANYFORM.NASL |
description | The CGI |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10277 |
published | 2002-08-26 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10277 |
title | AnyForm CGI Arbitrary Command Execution |
Seebug
bulletinFamily | exploit |
description | BugCVE: CVE-1999-0066 BUGTRAQ: 719 AnyForm是一个利用简单表单发送Email的CGI脚本,由John Roberts编写。 AnyForm版本2(AnyForm2)实现上存在输入验证漏洞,远程攻击者可以利用此漏洞在主机上以Web进程的权限执行任意命令。 AnyForm未经检查就把从表单得到的用户输入传递给SYSTEM系统调用,远程攻击者可能在输入中插入“;”等转义字符而执行任意命令 Unix版本 暂无 |
id | SSV:4290 |
last seen | 2017-11-19 |
modified | 2008-10-25 |
published | 2008-10-25 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-4290 |
title | AnyForm脚本远程可执行任意命令漏洞 |