Lucene search

462 matches found

UbuntuCve
added 2006/05/19 11:2 p.m. | 27 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5 | AI score 6.4 | EPSS 0.01915
Exploits: 0 | References: 2

NVD
added 2006/05/19 11:2 p.m. | 15 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5 | AI score 7.7 | EPSS 0.01915
Exploits: 0 | References: 10

Prion
added 2006/05/19 11:2 p.m. | 17 views

Integer overflow

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5 | AI score 8 | EPSS 0.01915
Exploits: 0 | References: 10 | Affected Software: 1

Cvelist
added 2006/05/19 11:0 p.m. | 21 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

AI score 7.6 | EPSS 0.01915
Exploits: 0 | References: 10

CVE
added 2006/05/19 11:0 p.m. | 73 views

CVE-2006-2489

CVE-2006-2489 describes an integer overflow in Nagios CGI scripts triggered by a crafted HTTP Content-Length header. Affects Nagios 1.x before 1.4.1 and 2.x before 2.3.1, allowing remote attackers to cause a crash (DoS) and potentially execute arbitrary code. Connections in related documents indi...

CVSS 7.5 | AI score 7.6 | EPSS 0.01915
Exploits: 0 | References: 10 | Affected Software: 1

Tenable Nessus
added 2006/05/13 12:0 a.m. | 32 views

GLSA-200605-07 : Nagios: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200605-07 Nagios: Buffer overflow Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact : A buffer overflow in Nagios CGI scripts...

CVSS 7.5 | AI score 9 | EPSS 0.01915
Exploits: 0 | References: 3

NVD
added 2006/05/03 9:2 p.m. | 12 views

CVE-2006-2162

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header...

CVSS 5 | AI score 7.6 | EPSS 0.01322
Exploits: 0 | References: 14

Prion
added 2006/05/03 9:2 p.m. | 16 views

Buffer overflow

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header...

CVSS 5 | AI score 7.9 | EPSS 0.01322
Exploits: 0 | References: 14 | Affected Software: 1

CVE
added 2006/05/03 9:0 p.m. | 70 views

CVE-2006-2162

Nagios CGI buffer/integer overflow vulnerability (CVE-2006-2162) affects Nagios 1.x before 1.4 and 2.x before 2.3, caused by improper handling of HTTP headers (Content-Length), enabling remote code execution. Public references describe the issue as an overflow in CGI header handling, with advisor...

CVSS 5 | AI score 7.5 | EPSS 0.01322
Exploits: 0 | References: 14 | Affected Software: 1

FreeBSD
added 2006/03/22 12:0 a.m. | 29 views

OPIE -- arbitrary password change

Problem Description The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user...

CVSS 7.2 | AI score 6.6 | EPSS 0.00053
Exploits: 0

Tenable Nessus
added 2006/01/15 12:0 a.m. | 35 views

Ubuntu 4.10 / 5.04 : apache2 vulnerability (USN-120-1)

Luca Ercoli discovered that the 'htdigest' program did not perform any bounds checking when it copied the 'user' and 'realm' arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the...

CVSS 7.5 | AI score 5.7 | EPSS 0.12886
Exploits: 1 | References: 1

Packet Storm
added 2005/12/27 12:0 a.m. | 37 views

webcalXSS.txt

Author: Stan Bubrouski Date: December 16, 2005 Package: WebCal by Michael Arndt; http://bulldog.tzo.org/webcal/webcal.html Versions Affected: 1.11-3.04 unknown alertdocument.cookie&cal=public http://bulldog.tzo.org/perl/webcal.cgi?function=webyear&cal=public&year=alertdocument.cookie...

AI score 7.4
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m. | 14 views

ODBC Tools Multiple Vulnerabilities

Many Web servers ship with default CGI scripts which allow for ODBC access and configuration. Some of these test ODBC tools are present on the remote web server SPDX-FileCopyrightText: 2002 David Kyger Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

AI score 7.5
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m. | 84 views

SunSolve CD CGI user input validation

Sunsolve CD CGI scripts do not validate user input. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 6.7 | EPSS 0.03931
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 173 views

Detection of various dangerous CGI scripts (HTTP) - Active Check

Various CGI scripts have known vulnerabilities tracked via the referenced CVEs. SPDX-FileCopyrightText: 2003 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Also cove...

CVSS 10 | AI score 7 | EPSS 0.188
Exploits: 29 | References: 7

OpenVAS
added 2005/11/03 12:0 a.m. | 16 views

phpGedView Code injection Vulnerability

The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information abo...

AI score 7.2
Exploits: 0

exploitpack
added 2005/09/04 12:0 a.m. | 8 views

man2web 0.88 - Multiple Remote Command Executions (2)

man2web 0.88 - Multiple Remote Command Executions 2 / str0ke@server:$ ./test some.edu "w" /cgi-bin/man2web 80 1 /str0ke / / dl-mancgi.c v0.2 x86/linux multipie man2web cgi-scripts remote command spawn found and coded by tracewar darklogic team for educaional purposes only. greetz goes to: matan...

AI score 7.6
Exploits: 0

securityvulns
added 2005/08/26 12:0 a.m. | 34 views

[ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability

Gentoo Linux Security Advisory GLSA 200508-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

AI score 0.6
Exploits: 0

Gentoo Linux
added 2005/08/25 12:0 a.m. | 40 views

Apache 2.0: Denial of Service vulnerability

Background The Apache HTTP Server Project is a featureful, freely-available HTTP Web server. Description Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Impact A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap...

CVSS 5 | AI score 9 | EPSS 0.61794
Exploits: 0

Cvelist
added 2005/06/28 4:0 a.m. | 16 views

CVE-2002-1986

Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot "."...

AI score 6.8 | EPSS 0.03447
Exploits: 1 | References: 3