golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS

A flaw was found in the Go standard library packages before upstream versions 1.15 and 1.14.8. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". This flaw allows an attacker to exploit this issue in...

Active Classifieds 1.0 Arbitrary Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds that may allow remo...

Active Classifieds 1.0 - Arbitrary Code Execution

source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds that may allow remote users to perform some...

Advisory for A1Stats

Advisory for A1Stats A1Stats is made by Drummond Miles Site: http://www.gadnet.com/a1stats by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0114 /-|=explanation=|- A1Stats is a CGI package to track website traffic. The package has a view files bug and also gives the...