WEBrick Encoded Traversal Arbitrary CGI Source Disclosure
The remote instance of WEBrick, a standard library of Ruby to implement HTTP servers, allows an attacker to view the source of CGI scripts hosted by the affected application by appending to the URL certain characters, such as '+', '%2b', '.', '%2e', or '%20'. Note that successful exploitation may...
CVE-2008-0893
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions...
Design/Logic Flaw
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions...
Server: unrestricted access to CGI scripts
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624...
CVE-2008-1360
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624...
CVE-2008-1360
Nagios2 CGI scripts before a fixed update are vulnerable to cross-site scripting (CVE-2007-5624, CVE-2007-5803, CVE-2008-1360). Exploitation is remote and relies on input sanitising gaps in the web interface, as detailed in Debian DSA-1883-1/DSA-1883-2 and OpenVAS entries. The issue is not limite...
Debian DSA-1513-1 : lighttpd - information disclosure
It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.
Information disclosure
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...
CVE-2008-1111
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...
HP OpenView Network Node Manager Multiple CGI Remote Overflows
The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the 'Openview5', 'snmpview', 'ovlogin' scripts before using it. By sending long parameters, an attacker would be able to produce a stack-based overflow and exploit it to...
CVE-2007-5624
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts...
CVE-2007-5624
CVE-2007-5624 concerns a cross-site scripting flaw in Nagios2 (Nagios 2.x) via multiple CGI parameters. The vulnerability arises from missing input sanitising in several CGI scripts, enabling an attacker to inject arbitrary HTML/script via remote vectors. Public documentation (including Debian DS...
CVE-2004-2735
Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SETPREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7)...
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.7.fc6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.4.fc6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...