[SECURITY] [DSA 586-1] New ruby packages fix denial of service
Debian Security Advisory DSA 586-1 http://www.debian.org/security/ Martin Schulze November 8th, 2004 http://www.debian.org/security/faq ...
DSA-586-1 ruby - infinite loop
Bulletin has no description...
ruby -- CGI DoS
The Ruby CGI.rb module contains a bug which can cause the CGI module to go into an infinite loop, thereby causing a denial-of-service situation on the web server by using all available CPU time...
CVE-2003-0097
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect)...
CVE-2003-0097
The CVE-2003-0097 entry concerns PHP 4.3.0’s CGI module, where a flaw in force redirect handling (cgi.force_redirect or --enable-force-cgi-redirect) can allow an attacker to access arbitrary files as the PHP user and potentially execute PHP code. Public sources describe this as a by-design bypass...
PHP < 4.3.1 CGI Module File Access
Binary data 1477.prm...
DEBIAN-CVE-2003-0615
Cross-site scripting (XSS) vulnerability in startform of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter...
Perl CGI.pm cross-site scripting
Cross-site scripting in the startform function...
PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access
The remote host is running PHP 4.3.0. There is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this host...
CVE-2002-0249
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message...
CVE-2002-0249
CVE-2002-0249 affects PHP for Windows when used as a standalone CGI module on Apache 2.0.28 beta, where a crafted request with malformed arguments can disclose the physical path to php.exe in error messages. Affects PHP for Windows running under Apache CGI; the issue stems from error handling tha...
Roxen security alert: URL decoding vulnerable
Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...
CVE-1999-1462
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files...