62 matches found

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Blackboard 5.0 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

MyHelpDesk 20020509 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable script, passing malicious HTML code as a value for...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

WebScripts WebBBS 4.x/5.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software...

7.1 AI score
Exploits: 0

Packet Storm
added 2011/12/05 12:0 a.m., 22 views

ShareCenter D-Link DNS-320 Denial Of Service

#!/usr/bin/perl Title: ShareCenter D-Link DNS-320 remote reboot/shutdown/reset DoS. Type: Hardware Remote: yes Author: rigan - imrigan sobachka gmail.com Tested on: Firmware : DNS320-v2.00b06 Security flaws: dskmgr.cgi allows execute reboot via POST request with parameter cmd=FMTrestart...

7.4 AI score
Exploits: 0

Zero Day Initiative
added 2010/07/13 12:0 a.m., 27 views

Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary runnin...

9 CVSS, 6.3 AI score, 0.07465 EPSS
Exploits: 0, References: 1

OSV
added 2009/09/14 4:30 p.m., 3 views

CVE-2009-2947

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages...

5.5 AI score
Exploits: 0, References: 6

OSV
added 2009/09/14 4:30 p.m., 1 views

DEBIAN-CVE-2009-2947

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages...

4.3 CVSS, 5.8 AI score, 0.019 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2009/08/25 12:0 a.m., 494 views

Web Application Potentially Sensitive CGI Parameter Detection

According to their names, some CGI parameters may control sensitive data (e.g., ID, privileges, commands, prices, credit card data, etc.). In the course of using an application, these variables may disclose sensitive data or be prone to tampering that could result in privilege escalation. These...

5.5 AI score
Exploits: 0

OpenVAS
added 2008/01/31 12:0 a.m., 19 views

Debian Security Advisory DSA 1459-1 (gforge)

The remote host is missing an update to gforge announced via advisory DSA 1459-1. OpenVAS Vulnerability Test $Id: deb14591.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1459-1 (gforge) Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...

7.5 CVSS, 0.2 AI score, 0.02092 EPSS
Exploits: 0

OSV
added 2008/01/13 12:0 a.m., 27 views

DSA-1459-1 gforge - SQL injection

Bulletin has no description...

7.5 CVSS, 6.2 AI score, 0.02092 EPSS
Exploits: 0

NVD
added 2005/11/18 10:3 p.m., 14 views

CVE-2005-3355

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values"...

6.4 CVSS, 6.4 AI score, 0.02226 EPSS
Exploits: 0, References: 9

UbuntuCve
added 2005/11/18 10:3 p.m., 16 views

CVE-2005-3355

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values"...

6.4 CVSS, 5.9 AI score, 0.02226 EPSS
Exploits: 0, References: 1

FreeBSD
added 2005/02/10 12:0 a.m., 45 views

awstats -- arbitrary command execution

Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the privileges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...

7.5 CVSS, 7.2 AI score, 0.07365 EPSS
Exploits: 3, References: 4

NVD
added 2003/12/31 5:0 a.m., 18 views

CVE-2003-1373

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php...

6.8 CVSS, 6.8 AI score, 0.01268 EPSS
Exploits: 0, References: 3

Exploit DB
added 2002/07/01 12:0 a.m., 28 views

BlackBoard 5.0 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit this condition via a malicious lin...

7.4 AI score
Exploits: 0

exploitpack
added 2002/06/10 12:0 a.m., 13 views

MyHelpDesk 20020509 - SQL Injection

MyHelpDesk 20020509 - SQL Injection source: https://www.securityfocus.com/bid/4971/info It is reported that MyHelpDesk version 20020509 and earlier are vulnerable to SQL injection attacks. Data supplied by the remote user, via CGI parameters, is used directly as part of SQL statements. As input...

0.1 AI score
Exploits: 0

exploitpack
added 2002/06/06 12:0 a.m., 17 views

WebScripts WebBBS 4.x/5.0 - Remote Command Execution

WebScripts WebBBS 4.x/5.0 - Remote Command Execution source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the...

0.3 AI score
Exploits: 0

Exploit DB
added 2002/06/06 12:0 a.m., 31 views

WebScripts WebBBS 4.x/5.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software. Remote attackers may gain local,...

7.4 AI score
Exploits: 0

Cvelist
added 2002/05/03 4:0 a.m., 20 views

CVE-2002-0232

Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi...

6.7 AI score, 0.01868 EPSS
Exploits: 0, References: 3

Cvelist
added 2002/02/02 5:0 a.m., 20 views

CVE-2001-0949

Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) CertificateFile, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6)...

7.7 AI score, 0.04063 EPSS
Exploits: 0, References: 17