738 matches found

Saint
added 2008/07/02 12:0 a.m., 58 views

HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...

CVSS: 7.5, AI score: 9.9, EPSS: 0.7409
Exploits: 9

Saint
added 2008/07/02 12:0 a.m., 29 views

HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...

CVSS: 9.8, AI score: 9.9, EPSS: 0.7409
Exploits: 9

Tenable Nessus
added 2008/06/30 12:0 a.m., 63 views

CGIWrap Charset Specification Weakness Error Message XSS

The remote host is running CGIWrap, a wrapper for CGI scripts to provide enhanced security. The version of CGIWrap installed on the remote host does not specify a charset when responses are for error pages. An attacker may be able to leverage this issue to inject arbitrary HTML and script code in...

CVSS: 4.3, AI score: 5.8, EPSS: 0.0125
Exploits: 0, References: 3

Metasploit
added 2008/06/04 12:19 p.m., 206 views

Matt Wright guestbook.pl Arbitrary Command Execution

The Matt Wright guestbook.pl 'Matt Wright guestbook.pl Arbitrary Command Execution', 'Description' = %q The Matt Wright guestbook.pl 'aushack' , 'License' = MSFLICENSE, 'References' = 'CVE...

CVSS: 7.5, AI score: 7.3, EPSS: 0.85205
Exploits: 6

Tenable Nessus
added 2008/04/23 12:0 a.m., 46 views

Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities

The remote host is running RedHat or Fedora Directory Server Admin Service. The version of this software installed on the remote host is vulnerable to remote command execution flaw through the argument 'admurl' of the script '/bin/admin/admin/bin/download'. A malicious user could exploit this fla...

CVSS: 9, AI score: 6.2, EPSS: 0.1402
Exploits: 1, References: 2

Tenable Nessus
added 2008/04/15 12:0 a.m., 41 views

HP OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access

The version of HP OpenView Network Node Manager installed on the remote host fails to completely sanitize user input to the 'Action' parameter of the 'OpenView5.exe' CGI script. Using a value with directory traversal sequences containing slashes rather than backslashes, an unauthenticated, remote...

CVSS: 5, AI score: 5.8, EPSS: 0.05088
Exploits: 1, References: 6

FreeBSD
added 2008/03/12 12:0 a.m., 42 views

awstats -- multiple XSS vulnerabilities

Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

AI score: 6.3
Exploits: 0, References: 2

Gentoo Linux
added 2008/03/05 12:0 a.m., 36 views

lighttpd: Multiple vulnerabilities

Background lighttpd is a lightweight high-performance web server. Description lighttpd contains a calculation error when allocating the global file descriptor array CVE-2008-0983. Furthermore, it sends the source of a CGI script instead of returning a 500 error Internal Server Error when the fork...

CVSS: 5, AI score: 6.7, EPSS: 0.02312
Exploits: 1

OpenVAS
added 2008/02/05 12:0 a.m., 20 views

Debian Security Advisory DSA 1486-1 (gnatsweb)

The remote host is missing an update to gnatsweb announced via advisory DSA 1486-1. OpenVAS Vulnerability Test $Id: deb14861.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1486-1 gnatsweb Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

CVSS: 4.3, AI score: 0.4, EPSS: 0.01321
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 19 views

Debian Security Advisory DSA 650-1 (sword)

The remote host is missing an update to sword announced via advisory DSA 650-1. OpenVAS Vulnerability Test $Id: deb6501.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 650-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS: 7.5, AI score: 0.3, EPSS: 0.02263
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 9 views

Debian: Security Advisory (DSA-650-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02263
Exploits: 0, References: 3

Tenable Nessus
added 2007/11/28 12:0 a.m., 200 views

ht://dig htsearch sort Parameter XSS

The htsearch CGI script is accessible through the remote web server. htsearch is a component of ht://Dig used to index and search documents such as web pages. The version of htsearch installed on the remote host fails to sanitize user-supplied input to the 'sort' parameter before using it to...

CVSS: 4.3, AI score: 5.7, EPSS: 0.04386
Exploits: 0, References: 2

securityvulns
added 2007/09/19 12:0 a.m., 271 views

Alcatel-Lucent OmniPCX Remote Command Execution

Advisory: Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPXC integrated communication solution web interface is vulnerable to a remote command...

CVSS: 10, AI score: 9.8, EPSS: 0.97407
Exploits: 8

Packet Storm
added 2007/09/18 12:0 a.m., 64 views

rt-sa-2007-001.txt

Advisory: Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPXC integrated communication solution web interface is vulnerable to a remote command...

CVSS: 10, AI score: 9.6, EPSS: 0.97407
Exploits: 8

securityvulns
added 2007/07/23 12:0 a.m., 45 views

[Full-disclosure] Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability

SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...

AI score: 7.5
Exploits: 0

Prion
added 2007/07/05 7:30 p.m., 15 views

Code injection

The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter...

CVSS: 7.5, AI score: 7.9, EPSS: 0.04165
Exploits: 3, References: 8, Affected Software: 1

CVE
added 2007/07/05 7:0 p.m., 49 views

CVE-2007-3011

Summary (concrete details): CVE-2007-3011 affects Fujitsu-Siemens ServerView prior to v4.50.09 where the DBAsciiAccess CGI script in the web interface processes the Servername subparameter of the ParameterList and fails to sanitize input, enabling remote command execution. An attacker can inject ...

CVSS: 7.5, AI score: 7.5, EPSS: 0.04165
Exploits: 3, References: 8, Affected Software: 1

seebug.org
added 2007/07/05 12:0 a.m., 35 views

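Fujitsu ServerView DBASCIIAccess Script Remote Code Execution Vulnerability

BUGTRAQ ID: 24762 CVECAN ID: CVE-2007-3011 ServerView is an asset management tool used for automated analysis and version maintenance. The ServerView web interface has an input validation vulnerability when processing user data, which a remote attacker may exploit to execute arbitrary commands on the server with the privileges of the web process. The DBAsciiAccess CGI script provides a ping function; the Servername subparameter of the script's Parameterlist parameter gives the IP address to ping, but no check is performed on this IP address. If a trailing semicolon is appended after the IP, an attacker can inject arbitrary shell commands and have them executed with the privileges of the web server process. Fujitsu...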

CVSS: 7.5, AI score: 6.4, EPSS: 0.04165
Exploits: 3

securityvulns
added 2007/07/04 12:0 a.m., 67 views

[Full-disclosure] Fujitsu-Siemens ServerView Remote Command Execution

Advisory: Fujitsu-Siemens ServerView Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Fujitsu-Siemens ServerView during a penetration test. The DBAsciiAccess CGI script is vulnerable to a remote command execution because of a parameter which is not properl...

CVSS: 7.5, AI score: 7.1, EPSS: 0.04165
Exploits: 3

securityvulns
added 2007/07/04 12:0 a.m., 27 views

Fujitsu-Siemens ServerView code execution

Shell characters filtering problem in Web interface "ping" CGI script...

CVSS: 7.5, AI score: 4, EPSS: 0.04165
Exploits: 3, References: 1, Affected Software: 1