249 matches found
Exploit for OS Command Injection in Gnu Bash
ShellShock-CGI-Scan =================== A script, in C, to chec...
Multiple Igreks MilkyStep Products Cross-Site Scripting Vulnerabilities
Igreks MilkyStep is a CGI for pushing magazines through the email system. A cross-site scripting vulnerability exists in multiple Igreks MilkyStep products, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...
Moxa VPort ActiveX SDK Plus Stack Buffer Overflow Vulnerability
Moxa's VPort SDK PLUS, including CGI command, ActiveX control and API libraries, allows third-party developers to easily integrate customized monitoring applications. Moxa VPort ActiveX SDK Plus suffers from a stack buffer overflow vulnerability. A remote attacker can exploit the vulnerability by...
USN-2501-1 php5 vulnerabilities
Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8142, CVE-2015-0231 Brian Carpenter discovered that the PHP CGI component...
SYNCK GRAPHICA Download Log CGI Directory Traversal Vulnerability
A directory traversal vulnerability in the SYNCK GRAPHICA Download Log CGI allows remote attackers to overwrite arbitrary files in an application context using a directory traversal sequence with a specially crafted request '... /' to overwrite arbitrary files in the context of an application...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
UBUNTU-CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
php: command line arguments injection when run in CGI mode (VU#520827)
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
VulnCheck KEV: CVE-2012-2311
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that contain a %3D sequence but no = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line...
PYSEC-2010-31
Cross-site scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program...
IBM Lotus Domino Web Service Denial of Service (CVE-2005-0986)
IBM Lotus Domino server software provides messaging, calendar/scheduling and other collaborative applications. A vulnerability exists in IBM's Lotus Domino Web Server, in the HTTP server included with Lotus Domino, specifically in the way it handles Common Gateway Interface CGI requests. The flaw...
PT-2008-5380 · Ledgersmb +2 · Ledgersmb +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15 SQL-Ledger versions 2.8.17 and earlier Description: The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. Thi...
BBSNote cross-site scripting vulnerability
Overview BBSNote, CGI bulletin board script, contains a cross-site scripting vulnerability due to improper handling of CGI arguments. Impact A malicious script may be executed on the user's web browser. Solution None...
FreeStyleWiki command injection vulnerability
Overview A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface. Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution N...
CGI RESCUE WebFORM vulnerable to cross-site scripting
Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...
DEBIAN-CVE-2007-6077
The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...
Ruby CGI multipart parsing DoS
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...