Steve Gustin

7 exploits Active since Aug 2002
CVE-2002-0749 EXPLOITDB text WORKING POC
CGIscript.net csmailto - Remote Code Execution via Form-Attachment Field
CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.
CVE-2002-0495 EXPLOITDB text WORKING POC
csSearch Professional < 2.3 - Remote Code Execution via Setup Parameter
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
CVE-2002-0919 EXPLOITDB text WRITEUP
CGIScript.net csPassword.cgi - Privilege Escalation
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
CVE-2002-0919 EXPLOITDB text WRITEUP
CGIScript.net csPassword.cgi - Privilege Escalation
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
EIP-2026-100772 EXPLOITDB perl WORKING POC
CGIScript.net 1.0 - Information Disclosure
CVE-2002-0922 EXPLOITDB text WRITEUP
CGIScript.net csNews.cgi - Info Disclosure
CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.
CVE-2002-0923 EXPLOITDB text WRITEUP
CGIScript.net csNews.cgi - Privilege Escalation
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.