738 matches found
[SECURITY] Fedora Core 6 Update: mod_perl-2.0.2-6.2.fc6
Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a quick...
[SECURITY] Fedora 7 Update: mod_perl-2.0.3-9.1.fc7
Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a quick...
Authentication flaw
Deutsche Telekom T-com Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script...
CVE-2007-2649
Deutsche Telekom T-com Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script...
CVE-2007-2649
The CVE-2007-2649 entry concerns Deutsche Telekom Speedport W 700v. The device uses JavaScript delays to throttle invalid authentication attempts against a CGI script, but remote attackers can bypass these delays by issuing direct calls to the authentication CGI script, enabling brute-force attem...
OPeNDAP code execution vulnerability
Overview: OPeNDAP server version 3 contains a vulnerability that allows an attacker to execute commands on the server. Description: From the OPeNDAP website: OPeNDAP provides software which makes local data accessible to remote locations regardless of local storage format. OPeNDAP also provides tool...
Debian Linux apache privilege escalation
A user can inject shell commands into the shell from which Apache was started by using the TIOCSTI ioctl on the ctty socket in a CGI script...
[Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
Version 1.3.34-4 of Apache in the Debian Linux distribution contains a hole that allows a local user to access a root shell if the webserver has been restarted manually. This bug does not exist in the upstream apache distribution, and was patched in specifically by the Debian distribution. The bu...
AWStats configdir Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...
Apache 2.2.2 - CGI Script Source Code Information Disclosure
source: https://www.securityfocus.com/bid/19447/info Apache is prone to an information-disclosure vulnerability because it fails to properly handle exceptional conditions. An attacker can exploit this issue to retrieve script source code. Information obtained may aid in further attacks. Versions...
TWiki configure Script Arbitrary Command Execution
The version of TWiki installed on the remote host uses an unsafe 'eval' in the 'bin/configure' script that can be exploited by an unauthenticated attacker to execute arbitrary Perl code subject to the privileges of the web server user id. (C) Tenable Network Security, Inc...
CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "NR" sequences in the...
ishopcart cgi 0day and multiple vulnerabilities
Vendor: ishopcart inc Vendor Site: ishopcart.com Vendor Status: notified via telephone While spending a night auditing I have found 2 buffer overflows and 1 directory traversal in the ishopcart cgi, which is written in C. The directory traversal is caused by how the cgi chooses to show pages. If,...
Edgewall Software Trac SQL injection flaw
The remote web server contains a CGI script that is affected by a SQL injection flaw. Description: The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects written in Python. The remote version of this software is prone to a SQL injection flaw...
WebGUI < 6.7.6 arbitrary command execution
The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the OpenVAS...
CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script
Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Cross-Site Scripting in Verisign’s haydn.exe CGI script Date Published: 2006-03-20 Last Update: 2006-03-20 Advisory ID: CORE-2006-0124 Bugtraq ID: None currently assigned CVE Name: None currently assigned Title:...
Cross-Site Scripting in Verisign’s haydn.exe CGI script
Date Published: 2006-03-20 Last Update: 2006-03-20 Advisory ID: CORE-2006-0124 Bugtraq ID: 17170 CVE Name: CVE-2006-1344 Title: Cross-Site Scripting in Verisign’s haydn.exe CGI script Class: Input Validation Error Remotely Exploitable: Yes Locally Exploitable: No Advisory...
Acme thttpd < 2.26 htpasswd Utility Overflow
Binary data 3463.prm...
perl-cal-29920.txt
Vendor: Perl-Cal Version tested: Perl-Cal 2.99.20, other versions may also be affected. Type: Cross Site Scripting Severity: Medium...