405 matches found
CVE-2016-6140
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591...
UBUNTU-CVE-2016-1000110
The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...
Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
UBUNTU-CVE-2016-5386
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...
The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.
The vulnerability exists in the modcgid module of the Apache HTTP Server due to the absence of a timeout mechanism. Exploiting this vulnerability allows malicious actors to cause a service failure by sending requests to the CGI script, thereby ignoring the data from their own stdin descriptor...
The vulnerability of the Cisco Nexus 5000 software allows a malicious individual to execute arbitrary code.
The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that this...
MileSight camera Web UI CGI Buffer Overflow Vulnerability
MileSight camera is a network camera produced by Xiamen PulseVision Digital Technology Co. A Web UI CGI buffer overflow vulnerability exists in MileSight camera. An attacker can exploit the vulnerability to cause the camera's web interface to crash and remotely execute arbitrary code...
UBUNTU-CVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokepingcgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
PT-2015-7793 · Philip Hazel +2 · Pcre +2
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns the mishandling of the -q option for binary files by pcregrep in PCRE, potentially allowing remote attackers to obtain sensitive information via a crafted file. This could be exploit...
Exploit for OS Command Injection in Gnu Bash
ShellShock-CGI-Scan =================== A script, in C, to chec...
Multiple Igreks MilkyStep Products Cross-Site Scripting Vulnerabilities
Igreks MilkyStep is a CGI for pushing magazines through the email system. A cross-site scripting vulnerability exists in multiple Igreks MilkyStep products, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...
Moxa VPort ActiveX SDK Plus Stack Buffer Overflow Vulnerability
Moxa's VPort SDK PLUS, including CGI command, ActiveX control and API libraries, allows third-party developers to easily integrate customized monitoring applications. Moxa VPort ActiveX SDK Plus suffers from a stack buffer overflow vulnerability. A remote attacker can exploit the vulnerability by...
USN-2501-1 php5 vulnerabilities
Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8142, CVE-2015-0231 Brian Carpenter discovered that the PHP CGI component...
SYNCK GRAPHICA Download Log CGI Directory Traversal Vulnerability
A directory traversal vulnerability in the SYNCK GRAPHICA Download Log CGI allows remote attackers to overwrite arbitrary files in an application context using a directory traversal sequence with a specially crafted request '... /' to overwrite arbitrary files in the context of an application...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...