78 matches found
CVE-2007-3011
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter...
Code injection
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter...
CVE-2007-3011
Summary (concrete details): CVE-2007-3011 affects Fujitsu-Siemens ServerView prior to v4.50.09 where the DBAsciiAccess CGI script in the web interface processes the Servername subparameter of the ParameterList and fails to sanitize input, enabling remote command execution. An attacker can inject ...
CVE-2007-3011
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter...
Fujitsu ServerView DBASCIIAccess脚本远程代码执行漏洞
BUGTRAQ ID: 24762 CVECAN ID: CVE-2007-3011 ServerView是用于进行自动分析和版本维护的资产管理工具。 ServerView的Web接口处理用户数据时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程的权限执行任意命令。 DBAsciiAccess CGI脚本提供了ping功能,该脚本Parameterlist参数的Servername子参数给出了所要ping的IP地址,但没有对这个IP地址执行任何检查。如果在IP后添加了拖尾分号,攻击者就可以注入任意shell命令并以Web服务器进程的权限执行。 Fujitsu...
[Full-disclosure] Fujitsu-Siemens ServerView Remote Command Execution
Advisory: Fujitsu-Siemens ServerView Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Fujitsu- Siemens ServerView during a penetration test. The DBAsciiAccess CGI script is vulnerable to a remote command execution because of a parameter which is not properl...
Fujitsu-Siemens ServerView code execution
Shell characters filtering problem in Web interface "ping" CGI script...
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution source: https://www.securityfocus.com/bid/24762/info Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute...
Fujitsu ServerView 4.50.8 - DBASCIIAccess Remote Command Execution
source: https://www.securityfocus.com/bid/24762/info Fujitsu ServerView is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the affected application...
CVE-2006-3579
Cross-site scripting XSS vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-3578
Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2006-3579
The provided connected documents confirm CVE-2006-3579 is a cross-site scripting (XSS) flaw in Fujitsu ServerView products. Affected versions are Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81. The root cause and exact exploitation vector are not detailed in the supplied material...
CVE-2006-3578
Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2006-3578
The CVE-2006-3578 issue concerns Fujitsu ServerView (versions 2.50–3.60L98 and 4.10L11–4.11L81). The connected JVN entry notes a directory traversal vulnerability that could allow a remote attacker to view specific server files. Details on affected components, root cause, exploitation vectors, or...
CVE-2006-3579
Cross-site scripting XSS vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JVN#76686161: ServerView cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...
JVN#73368472: ServerView directory traversal vulnerability
Impact A remote attacker could view particular files on the server. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...
[SA21011] ServerView Cross-Site Scripting and Directory Traversal
---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...