Security Bulletin: Vulnerabilities CVE-2016-5387 and CVE-2016-5388 in IBM i HTTP Server

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-5388 DESCRIPTION: Apache Tomcat could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of...

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)

Summary PowerKVM is affected by a vulnerability in lighttpd. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-1000212 DESCRIPTION: lighttpd could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from...

Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385)

Summary PowerKVM is affected by a vulnerability in PHP. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence ...

Security Bulletin: A vulnerability in the Apache HTTP Server affects PowerKVM (CVE-2016-5387)

Summary PowerKVM is affected by a vulnerability in the Apache HTTP Server httpd. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the lack of protection ...

Security Bulletin: IBM Security Access Manager is affected by vulnerabilities in Python (CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110)

Summary Vulnerabilities have been identified in Python. IBM Security Access Manager appliances use Python and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by...

biblioteca.fagro.edu.uy XSS vulnerability

Open Bug Bounty ID: OBB-609731 Description| Value ---|--- Affected Website:| biblioteca.fagro.edu.uy Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

The vulnerability of the “viewcert” component in the CGI application of the web interface for administering the Sonicwall Secure Remote Access server allows a perpetrator to execute arbitrary commands.

The vulnerability of the “viewcert” component /cgi-bin/viewcert of the CGI application for the web interface of the Dell Inc. Sonicwall Secure Remote Access SRA system management application is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a...

Security Advisory - A CGI application vulnerability in Some Huawei Products

Some open source software used by Huawei does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

Trend Micro OfficeScan cgiShowClientAdm Remote Memory Corruption

The version of Trend Micro OfficeScan running on the remote host is 11.x prior to 11.0 SP1 CP 6426, or 12.x prior to 12.0 CP 1708. It is, therefore, affected by a remote memory corruption flaw in cgiShowClientAdm.exe due to improper input validation. An unauthenticated remote attacker can corrupt...

CVE-2016-9683

The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI /cgi-bin/extensionsettings component responsible for handling some of the server's...

ALPINE-CVE-2016-6631

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...

DEBIAN-CVE-2016-6631

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...

CVE-2016-6631

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...

Remote code execution

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...

CVE-2016-6631

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

Netgear ReadyNAS Remote Code Execution

Unauthenticated Remote Command Execution in Netgear ReadyNAS Surveillance ========================================================================= Product Description =================== Netgear ReadyNAS Surveillance is a NVR Network Video Recorder available for Netgear NAS systems. Vulnerabilit...

HTTP Proxy header vulnerability

Addressing HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/. Please update to this version of Guzzle in order to mitigate the vulnerability when sending Guzzle requests inside of a CGI application. - Fixing timeout bug with StreamHandler - Only read up to Content-Length in...

CVE-2013-7329

The CGI::Application module before 4.5050 and 4.5051 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information web queries and environment details via vectors related to the dumphtml function...