62 matches found
Blackboard 5.0 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit...
MyHelpDesk 20020509 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable script, passing malicious HTML code as a value for...
WebScripts WebBBS 4.x/5.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software...
ShareCenter D-Link DNS-320 Denial Of Service
!/usr/bin/perl Title: ShareCenter D-Link DNS-320 remote reboot/shutdown/reset DoS. Type: Hardware Remote: yes Author: rigan - imrigan sobachka gmail.com Tested on: Firmware : DNS320-v2.00b06 Security flaws: dskmgr.cgi allows execute reboot via POST request with parameter cmd=FMTrestart...
Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary runnin...
CVE-2009-2947
Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages...
DEBIAN-CVE-2009-2947
Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages...
Web Application Potentially Sensitive CGI Parameter Detection
According to their names, some CGI parameters may control sensitive data (e.g., ID, privileges, commands, prices, credit card data, etc.). In the course of using an application, these variables may disclose sensitive data or be prone to tampering that could result in privilege escalation. These...
Debian Security Advisory DSA 1459-1 (gforge)
The remote host is missing an update to gforge announced via advisory DSA 1459-1. OpenVAS Vulnerability Test $Id: deb14591.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1459-1 (gforge) Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
DSA-1459-1 gforge - SQL injection
Bulletin has no description...
CVE-2005-3355
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values"...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the privileges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...
CVE-2003-1373
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php...
BlackBoard 5.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit this condition via a malicious lin...
MyHelpDesk 20020509 - SQL Injection
MyHelpDesk 20020509 - SQL Injection source: https://www.securityfocus.com/bid/4971/info It is reported that MyHelpDesk version 20020509 and earlier are vulnerable to SQL injection attacks. Data supplied by the remote user, via CGI parameters, is used directly as part of SQL statements. As input...
WebScripts WebBBS 4.x/5.0 - Remote Command Execution
WebScripts WebBBS 4.x/5.0 - Remote Command Execution source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the...
WebScripts WebBBS 4.x/5.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software. Remote attackers may gain local,...
CVE-2002-0232
Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi...
CVE-2001-0949
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) CertificateFile, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6)...