Lucene search
K

465 matches found

seebug.org
seebug.org
added 2007/01/09 12:0 a.m.24 views

EditTag多个目录遍历漏洞

EditTag是一款WEB应用程序。 EditTag不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是多个脚本对用户提交的WEB参数缺少过滤,提交系统文件作为参数数据,可导致以WEB权限查看系统文件内容。 Greg Billock EditTag 1.2 目前没有解决方案提供: http://www.thebilberry.com/greg/edittag http://www.example.com/edittag/edittag.cgi?file=INJECT...

7.1AI score
Exploits0
Ubuntu
Ubuntu
added 2006/05/29 5:35 p.m.51 views

USN-287-1: Nagios vulnerability

The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with an invalidly large Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server...

7.5CVSS5.8AI score0.05431EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2006/05/21 12:0 a.m.9 views

Preemptive Protection against Nagios "Content-Length" Header Buffer Overflow Vulnerability

Nagios is an open source host, service and network monitoring program. The product?s functionality is implemented through a number of CGI programs. A vulnerability has been identified in Nagios, specifically due to buffer overflow errors in various CGI scripts that do not properly process a...

5CVSS2.1AI score0.04728EPSS
Exploits0
Prion
Prion
added 2006/05/19 11:2 p.m.20 views

Integer overflow

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a content length Content-Length HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

7.5CVSS8AI score0.05431EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2006/05/19 11:2 p.m.31 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a content length Content-Length HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

7.5CVSS6.4AI score0.05431EPSS
Exploits0References2
NVD
NVD
added 2006/05/19 11:2 p.m.20 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a content length Content-Length HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

7.5CVSS7.7AI score0.05431EPSS
Exploits0References10
CVE
CVE
added 2006/05/19 11:0 p.m.76 views

CVE-2006-2489

CVE-2006-2489 describes an integer overflow in Nagios CGI scripts triggered by a crafted HTTP Content-Length header. Affects Nagios 1.x before 1.4.1 and 2.x before 2.3.1, allowing remote attackers to cause a crash (DoS) and potentially execute arbitrary code. Connections in related documents indi...

7.5CVSS7.6AI score0.05431EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2006/05/19 11:0 p.m.27 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a content length Content-Length HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

7.6AI score0.05431EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.34 views

GLSA-200605-07 : Nagios: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200605-07 Nagios: Buffer overflow Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact : A buffer overflow in Nagios CGI scripts...

7.5CVSS9AI score0.05431EPSS
Exploits0References3
NVD
NVD
added 2006/05/03 9:2 p.m.18 views

CVE-2006-2162

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length Content-Length HTTP header...

5CVSS7.6AI score0.04728EPSS
Exploits0References14
Prion
Prion
added 2006/05/03 9:2 p.m.18 views

Buffer overflow

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length Content-Length HTTP header...

5CVSS7.9AI score0.04728EPSS
Exploits0References14Affected Software1
CVE
CVE
added 2006/05/03 9:0 p.m.74 views

CVE-2006-2162

Nagios CGI buffer/integer overflow vulnerability (CVE-2006-2162) affects Nagios 1.x before 1.4 and 2.x before 2.3, caused by improper handling of HTTP headers (Content-Length), enabling remote code execution. Public references describe the issue as an overflow in CGI header handling, with advisor...

5CVSS7.5AI score0.04728EPSS
Exploits0References14Affected Software1
FreeBSD
FreeBSD
added 2006/03/22 12:0 a.m.31 views

OPIE -- arbitrary password change

Problem Description The opiepasswd1 program uses getlogin2 to identify the user calling opiepasswd1. In some circumstances getlogin2 will return "root" even when running as an unprivileged user. This causes opiepasswd1 to allow an unpriviled user to configure OPIE authentication for the root user...

7.2CVSS6.6AI score0.00361EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.36 views

Ubuntu 4.10 / 5.04 : apache2 vulnerability (USN-120-1)

Luca Ercoli discovered that the 'htdigest' program did not perform any bounds checking when it copied the 'user' and 'realm' arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the...

7.5CVSS5.7AI score0.29096EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2005/12/27 12:0 a.m.38 views

webcalXSS.txt

Author: Stan Bubrouski Date: December 16, 2005 Package: WebCal by Michael Arndt; http://bulldog.tzo.org/webcal/webcal.html Versions Affected: 1.11-3.04 unknown alertdocument.cookie&cal=public http://bulldog.tzo.org/perl/webcal.cgi?function=webyear&cal=public&year=alertdocument.cookie...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.84 views

SunSolve CD CGI user input validation

Sunsolve CD CGI scripts does not validate user input. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.7AI score0.1187EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.15 views

ODBC Tools Multiple Vulnerabilities

Many Web servers ship with default CGI scripts which allow for ODBC access and configuration. Some of these test ODBC tools are present on the remote web server SPDX-FileCopyrightText: 2002 David Kyger Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.174 views

Detection of various dangerous CGI scripts (HTTP) - Active Check

Various CGI scripts have known vulnerabilities tracked via the via the referenced CVEs. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Also cove...

10CVSS7AI score0.15605EPSS
Exploits29References7
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.17 views

phpGedView Code injection Vulnerability

The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information abo...

7.2AI score
Exploits0
exploitpack
exploitpack
added 2005/09/04 12:0 a.m.9 views

man2web 0.88 - Multiple Remote Command Executions (2)

man2web 0.88 - Multiple Remote Command Executions 2 / str0ke@server:$ ./test some.edu "w" /cgi-bin/man2web 80 1 /str0ke / / dl-mancgi.c v0.2 x86/linux multipie man2web cgi-scripts remote command spawn found and coded by tracewar darklogic team for educaional purposes only. greetz goes to: matan...

7.6AI score
Exploits0
Rows per page
Query Builder