340 matches found
ZeroShell Code Execution
======================================================================== ZeroShell /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=user The parameter "type" is used to distinguish between users, CA and host certificates. Unfortunately, this parameter is passed to the following code wi...
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass
==================================================== 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass Original Advisory: http://www.ikkisoft.com/stuff/LC-2008-05.txt luca.carettoniatikkisoftdotcom ==================================================== An unauthenticated user may...
Design/Logic Flaw
HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the 1 webappmon.exe or 2 OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205...
CVE-2008-4560
CVE-2008-4560 affects HP OpenView Network Node Manager (OV NNM) versions 7.01, 7.51, and 7.53. The vulnerability is an information disclosure in which remote attackers can obtain sensitive details via: (1) a crafted request to nnmRptConfig.exe CGI, revealing log directory pathnames; and (2) a cra...
HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow
Added: 01/14/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the getcvdata.exe C...
HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow
Added: 01/14/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the getcvdata.exe C...
HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow
Added: 01/14/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the getcvdata.exe C...
HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow
Added: 01/09/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the Toolbar.exe CGI program with a...
HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow
Added: 01/09/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the Toolbar.exe CGI program with a...
HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow
Added: 01/09/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the Toolbar.exe CGI program with a...
CVE-2008-0067
Multiple stack-based buffer overflows in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via 1 long string parameters to the OpenView5.exe CGI program; 2 a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a...
CVE-2008-0067
Multiple stack-based buffer overflows in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via 1 long string parameters to the OpenView5.exe CGI program; 2 a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a...
A CGI program vulnerability discovery-vulnerability warning-the black bar safety net
Source: phpeval's BLOG Author: phpeval Yesterday a friend threw me acgiprogram. Call me to think of a way to get a SHELL. The CGI program but I've never seen it. Experience this for me brand new things. It really is a bit no way. But to throw to. Just when learning. I bite the bullet and see. The...
RoarSmithinfo2www远程执行任意命令漏洞
BugCVE: CVE-1999-0266 BUGTRAQ: 1995 “info2www”是一个将GNU Info文本转化成HTML文件的CGI程序。 某些早期版本的info2www脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以Web进程的权限在主机上 执行任意系统命令。 问题在于程序脚本没有过滤用户输入中包含的一些shell元字符,远程攻击者可能以Web守护程序的权限(root或nobody)在主机上执行任意程序。 1.0-1.1 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:...
[SECURITY] Fedora 9 Update: adminutil-1.1.7-1.fc9
adminutil is libraries of functions used to administer directory servers, usually in conjunction with the admin server. adminutil is broken into two libraries - libadminutil contains the basic functionality, and libadmsslutil contains SSL versions and wrappers around the basic functions. The PSET...
[SECURITY] Fedora 8 Update: adminutil-1.1.7-1.fc8
adminutil is libraries of functions used to administer directory servers, usually in conjunction with the admin server. adminutil is broken into two libraries - libadminutil contains the basic functionality, and libadmsslutil contains SSL versions and wrappers around the basic functions. The PSET...
Debian: Security Advisory (DSA-1508-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1508-1] New diatheke packages fix arbirary shell command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1508-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 25, 2008 http://www.debian.org/security/faq -...
Debian DSA-1508-1 : diatheke - insufficient input sanitising
Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...
Debian Security Advisory DSA 1199-1 (webmin)
The remote host is missing an update to webmin announced via advisory DSA 1199-1. Several vulnerabilities have been identified in webmin, a web-based administration toolkit. CVE-2005-3912 A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service by crashing...