462 matches found
CVE-2008-0893
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions...
Server: unrestricted access to CGI scripts
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624...
CVE-2008-1360
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624...
CVE-2008-1360
Nagios2 CGI scripts before a fixed update are vulnerable to cross-site scripting (CVE-2007-5624, CVE-2007-5803, CVE-2008-1360). Exploitation is remote and relies on input sanitising gaps in the web interface, as detailed in Debian DSA-1883-1/DSA-1883-2 and OpenVAS entries. The issue is not limite...
Debian DSA-1513-1 : lighttpd - information disclosure
It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.
Information disclosure
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...
CVE-2008-1111
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...
HP OpenView Network Node Manager Multiple CGI Remote Overflows
The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the 'Openview5', 'snmpview', 'ovlogin' scripts before using it. By sending long parameters, an attacker would be able to produce a stack-based overflow and exploit it to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts...
CVE-2007-5624
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts...
CVE-2007-5624
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts...
CVE-2007-5624
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts...
CVE-2007-5624
CVE-2007-5624 concerns a cross-site scripting flaw in Nagios2 (Nagios 2.x) via multiple CGI parameters. The vulnerability arises from missing input sanitising in several CGI scripts, enabling an attacker to inject arbitrary HTML/script via remote vectors. Public documentation (including Debian DS...
CVE-2004-2735
Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SETPREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7)...
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.7.fc6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.4.fc6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
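EditTag multiple directory traversal vulnerabilities
EditTag is a web application. EditTag does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that multiple scripts do not filter user-supplied web parameters; submitting a system file as the parameter data makes it possible to view the contents of system files with the privileges of the web server. Greg Billock EditTag 1.2. No solution is currently available: http://www.thebilberry.com/greg/edittag http://www.example.com/edittag/edittag.cgi?file=INJECT...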
USN-287-1: Nagios vulnerability
The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with an invalidly large Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server...
Preemptive Protection against Nagios "Content-Length" Header Buffer Overflow Vulnerability
Nagios is an open source host, service and network monitoring program. The product's functionality is implemented through a number of CGI programs. A vulnerability has been identified in Nagios, specifically due to buffer overflow errors in various CGI scripts that do not properly process a...