126 matches found

securityvulns
added 2007/03/05 12:0 a.m., 39 views

Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I - TITLE Security advisory: Arbitrary file disclosure vulnerability in rrdbrowse II - SUMMARY Description: Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 Author: Sebastian Wolfgarten sebastian at wolfgarten dot com, http://www.devtarget.o...

1.6 AI score
Exploits: 0
0day.today
added 2007/03/04 12:0 a.m., 14 views

RRDBrowse <= 1.6 Remote Arbitrary File Disclosure Vulnerability

Exploit for cgi platform in category web applications =============================================================== RRDBrowse <= 1.6 Remote Arbitrary File Disclosure Vulnerability =============================================================== I - TITLE Security advisory: Arbitrary file disclosu...

7.1 AI score
Exploits: 0
Metasploit
added 2007/01/05 4:28 a.m., 22 views

HP Openview connectedNodes.ovpl Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will be displayed to the screen. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8 CVSS, 7.3 AI score, 0.89822 EPSS
Exploits: 9
Packet Storm
added 2005/12/14 12:0 a.m., 38 views

openview_connectednodes_exec.pm.txt

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

7.5 CVSS, 0.1 AI score, 0.89822 EPSS
Exploits: 9
securityvulns
added 2005/08/26 12:0 a.m., 26 views

Apache web server DoS

Wide HTTP request byterange parameters for CGI application leads to memory exhaustion...

1.6 AI score
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2005/03/13 5:0 a.m., 22 views

CVE-2002-1592

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...

6.4 AI score, 0.05522 EPSS
Exploits: 0, References: 16
Tenable Nessus
added 2005/02/16 12:0 a.m., 26 views

GLSA-200502-21 : lighttpd: Script source disclosure

The remote host is affected by the vulnerability described in GLSA-200502-21 lighttpd: Script source disclosure lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent as-is. By appending %00 to the filename, yo...

5 CVSS, 5.6 AI score, 0.00812 EPSS
Exploits: 0, References: 3
securityvulns
added 2005/01/15 12:0 a.m., 34 views

iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability

MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability iDEFENSE Security Advisory 01.13.05 www.idefense.com/application/poi/display?id=181&type=vulnerabilities January 13, 2005 I. BACKGROUND MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. Max...

0.4 AI score
Exploits: 0
Tenable Nessus
added 2005/01/14 12:0 a.m., 20 views

Movable Type mt-load.cgi Privilege Escalation

The remote web server is hosting Movable Type with 'mt-load.cgi' installed. Failure to remove mt-load.cgi could enable someone else to create a weblog in your Movable Type installation, and possibly gain access to your data. %NASLMINLEVEL 70300 This script was written by Rich Walchuck rich.walchu...

5.6 AI score
Exploits: 0
Exploit DB
added 2004/12/09 12:0 a.m., 27 views

F-Secure Policy Manager 5.11 - 'FSMSH.dll' CGI Application Installation Full Path Disclosure

source: https://www.securityfocus.com/bid/11869/info F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application the vulnerable software will return an error message that includes the installation path of the...

7.4 AI score
Exploits: 0
exploitpack
added 2004/12/09 12:0 a.m., 8 views

F-Secure Policy Manager 5.11 - FSMSH.dll CGI Application Installation Full Path Disclosure

F-Secure Policy Manager 5.11 - FSMSH.dll CGI Application Installation Full Path Disclosure source: https://www.securityfocus.com/bid/11869/info F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application the...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2004/11/30 12:0 a.m., 27 views

YaBB Shadow BBCode Tag XSS

The remote host is using the YaBB web forum software. According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using shadow or glow tags. This may allow an attacker to inject hostile JavaScript into the forum system, to steal cookie...

5.6 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/17 12:0 a.m., 13 views

CVSTrac timeline.c timeline_page Function Overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the timeline_page function in timeline.c that may allow an attacker to cause a buffer overflow. An attacker, exploiting this flaw, would be potentially able t...

6.2 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/17 12:0 a.m., 19 views

CVSTrac history.c history_update Function Overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system. Nessus has...

6.5 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/17 12:0 a.m., 14 views

CVSTrac cgi.c Multiple Overflows

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains multiple flaws in the mprintf, vmprintf, and vxprintf functions in cgi.c. A remote attacker, exploiting this flaw, would be able to execute arbitrary code on the remote syste...

6.3 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2004/08/09 12:0 a.m., 32 views

WackoWiki TextSearch phrase Parameter XSS

The remote host seems to be running the WackoWiki CGI suite. Based on the version information gathered by Nessus, this instance of WackoWiki may be vulnerable to a remote authentication attack. Exploitation of this vulnerability may allow for theft of cookie-based authentication credentials and...

4.3 CVSS, 5.1 AI score, 0.00427 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2004/08/02 12:0 a.m., 9 views

MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities

The sample CGI math_sum.mscgi is installed on the remote web server. The remote version of this CGI contains several issues which may allow an attacker to execute a cross-site scripting attack, to disable the remote server remotely or to execute arbitrary code with the privileges of the server...

5.7 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2004/02/17 12:0 a.m., 20 views

ShopCartCGI Multiple Script Traversal Arbitrary File Access

The remote host is running ShopCartCGI - a set of CGIs designed to set up an on-line shopping cart. The version of ShopCartCGI on the remote host fails to sanitize input to several of its CGI scripts before using it to read and display files. An unauthenticated, remote attacker can leverage these...

5 CVSS, 5.9 AI score, 0.04864 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2004/02/02 12:0 a.m., 22 views

Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution

The remote host is running LeifWright's blog.cgi - a CGI designed to handle personal web logs or 'blogs'. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. %NASLMINLEVEL 70300 C Tenable Network...

7.5 CVSS, 5.7 AI score, 0.08979 EPSS
Exploits: 1, References: 2
securityvulns
added 2004/01/23 12:0 a.m., 34 views

freesco cross-site scripting

Cross-site scripting in example CGI application...

1.6 AI score
Exploits: 0, References: 1, Affected Software: 1