ID OSVDB:10838 Type osvdb Reporter OSVDB Modified 2004-10-14T00:00:00
Description
Vulnerability Description
WeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the rpm.cgi.in script. This allows users to execute shell commands with the privileges of the web server.
Solution Description
Upgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
WeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the rpm.cgi.in script. This allows users to execute shell commands with the privileges of the web server.
{"id": "OSVDB:10838", "bulletinFamily": "software", "title": "WeHelpBUS rpm.cgi.in Query String Arbitrary Command Execution", "description": "## Vulnerability Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the rpm.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## Solution Description\nUpgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the rpm.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## References:\nVendor URL: http://wehelpbus.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=275295\nSecurity Tracker: 1011743\n[Secunia Advisory ID:12831](https://secuniaresearch.flexerasoftware.com/advisories/12831/)\n[Related OSVDB ID: 10839](https://vulners.com/osvdb/OSVDB:10839)\n[Related OSVDB ID: 10835](https://vulners.com/osvdb/OSVDB:10835)\n[Related OSVDB ID: 10777](https://vulners.com/osvdb/OSVDB:10777)\n[Related OSVDB ID: 10834](https://vulners.com/osvdb/OSVDB:10834)\n[Related OSVDB ID: 10836](https://vulners.com/osvdb/OSVDB:10836)\n[Related OSVDB ID: 10837](https://vulners.com/osvdb/OSVDB:10837)\n[CVE-2004-2183](https://vulners.com/cve/CVE-2004-2183)\nBugtraq ID: 11431\n", "published": "2004-10-14T00:00:00", "modified": "2004-10-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10838", "reporter": "OSVDB", "references": [], "cvelist": ["CVE-2004-2183"], "type": "osvdb", "lastseen": "2017-04-28T13:20:06", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d2cd9a6b7924c72f5205e724051d108b"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4e3d7dd91bdf911462a011e8c14fb610"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "f9b5daa1ea8b7aa7388459bf144c1c79"}, {"key": "href", "hash": "56bc805af67ccfb4579a7b8e20279051"}, {"key": "modified", "hash": "f20a4ef8921594a0117101bc05923075"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "f20a4ef8921594a0117101bc05923075"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "8ca314dabc3af8e28ec36191e8a705dd"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "4d7e5b80c52f5c663b1450d0b519059e30123a35d77a2570d424d117f60e3abc", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [{"name": "WeHelpBus", "operator": "eq", "version": "0.1"}], "enchantments": {"vulnersScore": 2.8}}
{"result": {"cve": [{"id": "CVE-2004-2183", "type": "cve", "title": "CVE-2004-2183", "description": "Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.", "published": "2004-12-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2183", "cvelist": ["CVE-2004-2183"], "lastseen": "2016-09-03T04:48:19"}], "osvdb": [{"id": "OSVDB:10777", "type": "osvdb", "title": "WeHelpBUS sk.cgi.in Query String Arbitrary Command Execution", "description": "## Vulnerability Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the sk.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## Solution Description\nUpgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the sk.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## References:\nVendor URL: http://wehelpbus.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=275295\nSecurity Tracker: 1011743\n[Secunia Advisory ID:12831](https://secuniaresearch.flexerasoftware.com/advisories/12831/)\n[Related OSVDB ID: 10839](https://vulners.com/osvdb/OSVDB:10839)\n[Related OSVDB ID: 10838](https://vulners.com/osvdb/OSVDB:10838)\n[Related OSVDB ID: 10835](https://vulners.com/osvdb/OSVDB:10835)\n[Related OSVDB ID: 10834](https://vulners.com/osvdb/OSVDB:10834)\n[Related OSVDB ID: 10836](https://vulners.com/osvdb/OSVDB:10836)\n[Related OSVDB ID: 10837](https://vulners.com/osvdb/OSVDB:10837)\n[CVE-2004-2183](https://vulners.com/cve/CVE-2004-2183)\nBugtraq ID: 11431\n", "published": "2004-10-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10777", "cvelist": ["CVE-2004-2183"], "lastseen": "2017-04-28T13:20:06"}, {"id": "OSVDB:10835", "type": "osvdb", "title": "WeHelpBUS wehelpbus.pl.in Query String Arbitrary Command Execution", "description": "## Vulnerability Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the wehelpbus.pl.in script. This allows users to execute shell commands with the privileges of the web server.\n## Solution Description\nUpgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the wehelpbus.pl.in script. This allows users to execute shell commands with the privileges of the web server.\n## References:\nVendor URL: http://wehelpbus.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=275295\nSecurity Tracker: 1011743\n[Secunia Advisory ID:12831](https://secuniaresearch.flexerasoftware.com/advisories/12831/)\n[Related OSVDB ID: 10839](https://vulners.com/osvdb/OSVDB:10839)\n[Related OSVDB ID: 10838](https://vulners.com/osvdb/OSVDB:10838)\n[Related OSVDB ID: 10777](https://vulners.com/osvdb/OSVDB:10777)\n[Related OSVDB ID: 10834](https://vulners.com/osvdb/OSVDB:10834)\n[Related OSVDB ID: 10836](https://vulners.com/osvdb/OSVDB:10836)\n[Related OSVDB ID: 10837](https://vulners.com/osvdb/OSVDB:10837)\n[CVE-2004-2183](https://vulners.com/cve/CVE-2004-2183)\nBugtraq ID: 11431\n", "published": "2004-10-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10835", "cvelist": ["CVE-2004-2183"], "lastseen": "2017-04-28T13:20:06"}, {"id": "OSVDB:10837", "type": "osvdb", "title": "WeHelpBUS man.cgi.in Query String Arbitrary Command Execution", "description": "## Vulnerability Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the man.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## Solution Description\nUpgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the man.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## References:\nVendor URL: http://wehelpbus.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=275295\nSecurity Tracker: 1011743\n[Secunia Advisory ID:12831](https://secuniaresearch.flexerasoftware.com/advisories/12831/)\n[Related OSVDB ID: 10839](https://vulners.com/osvdb/OSVDB:10839)\n[Related OSVDB ID: 10838](https://vulners.com/osvdb/OSVDB:10838)\n[Related OSVDB ID: 10835](https://vulners.com/osvdb/OSVDB:10835)\n[Related OSVDB ID: 10777](https://vulners.com/osvdb/OSVDB:10777)\n[Related OSVDB ID: 10834](https://vulners.com/osvdb/OSVDB:10834)\n[Related OSVDB ID: 10836](https://vulners.com/osvdb/OSVDB:10836)\n[CVE-2004-2183](https://vulners.com/cve/CVE-2004-2183)\nBugtraq ID: 11431\n", "published": "2004-10-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10837", "cvelist": ["CVE-2004-2183"], "lastseen": "2017-04-28T13:20:06"}, {"id": "OSVDB:10834", "type": "osvdb", "title": "WeHelpBUS skdoc.cgi.in Query String Arbitrary Command Execution", "description": "## Vulnerability Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the skdoc.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## Solution Description\nUpgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the skdoc.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## References:\nVendor URL: http://wehelpbus.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=275295\nSecurity Tracker: 1011743\n[Secunia Advisory ID:12831](https://secuniaresearch.flexerasoftware.com/advisories/12831/)\n[Related OSVDB ID: 10839](https://vulners.com/osvdb/OSVDB:10839)\n[Related OSVDB ID: 10838](https://vulners.com/osvdb/OSVDB:10838)\n[Related OSVDB ID: 10835](https://vulners.com/osvdb/OSVDB:10835)\n[Related OSVDB ID: 10777](https://vulners.com/osvdb/OSVDB:10777)\n[Related OSVDB ID: 10836](https://vulners.com/osvdb/OSVDB:10836)\n[Related OSVDB ID: 10837](https://vulners.com/osvdb/OSVDB:10837)\n[CVE-2004-2183](https://vulners.com/cve/CVE-2004-2183)\nBugtraq ID: 11431\n", "published": "2004-10-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10834", "cvelist": ["CVE-2004-2183"], "lastseen": "2017-04-28T13:20:06"}, {"id": "OSVDB:10836", "type": "osvdb", "title": "WeHelpBUS info.cgi.in Query String Arbitrary Command Execution", "description": "## Vulnerability Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the info.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## Solution Description\nUpgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the info.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## References:\nVendor URL: http://wehelpbus.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=275295\nSecurity Tracker: 1011743\n[Secunia Advisory ID:12831](https://secuniaresearch.flexerasoftware.com/advisories/12831/)\n[Related OSVDB ID: 10839](https://vulners.com/osvdb/OSVDB:10839)\n[Related OSVDB ID: 10838](https://vulners.com/osvdb/OSVDB:10838)\n[Related OSVDB ID: 10835](https://vulners.com/osvdb/OSVDB:10835)\n[Related OSVDB ID: 10777](https://vulners.com/osvdb/OSVDB:10777)\n[Related OSVDB ID: 10834](https://vulners.com/osvdb/OSVDB:10834)\n[Related OSVDB ID: 10837](https://vulners.com/osvdb/OSVDB:10837)\n[CVE-2004-2183](https://vulners.com/cve/CVE-2004-2183)\nBugtraq ID: 11431\n", "published": "2004-10-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10836", "cvelist": ["CVE-2004-2183"], "lastseen": "2017-04-28T13:20:06"}, {"id": "OSVDB:10839", "type": "osvdb", "title": "WeHelpBUS code.cgi.in Query String Arbitrary Command Execution", "description": "## Vulnerability Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the code.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## Solution Description\nUpgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWeHelpBUS contains a flaw that allows a remote command execution attack. This flaw exists because the application does not validate the QUERY_STRING variable upon submission to the code.cgi.in script. This allows users to execute shell commands with the privileges of the web server.\n## References:\nVendor URL: http://wehelpbus.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=275295\nSecurity Tracker: 1011743\n[Secunia Advisory ID:12831](https://secuniaresearch.flexerasoftware.com/advisories/12831/)\n[Related OSVDB ID: 10838](https://vulners.com/osvdb/OSVDB:10838)\n[Related OSVDB ID: 10835](https://vulners.com/osvdb/OSVDB:10835)\n[Related OSVDB ID: 10777](https://vulners.com/osvdb/OSVDB:10777)\n[Related OSVDB ID: 10834](https://vulners.com/osvdb/OSVDB:10834)\n[Related OSVDB ID: 10836](https://vulners.com/osvdb/OSVDB:10836)\n[Related OSVDB ID: 10837](https://vulners.com/osvdb/OSVDB:10837)\n[CVE-2004-2183](https://vulners.com/cve/CVE-2004-2183)\nBugtraq ID: 11431\n", "published": "2004-10-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:10839", "cvelist": ["CVE-2004-2183"], "lastseen": "2017-04-28T13:20:06"}]}}