40 matches found
EUVD-2001-1222
Malware in sbrugna...
Apache Tomcat 9.0.0-M1 < 9.0.105 CGI Security Constraint Bypass
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.105, 10.1.0-M1 prior to 10.1.41 or 11.0.0-M1 prior to 11.0.7. It is, therefore, affected by a CGI security constraint bypass. Note that the scanner has not attempted to exploit these issues but has instead relied...
Fixed in Apache Tomcat 9.0.105
Low: CGI security constraint bypass (CVE-2025-46701). When running on a case-insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
Fixed in Apache Tomcat 10.1.41
Low: CGI security constraint bypass (CVE-2025-46701). When running on a case-insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...
RHEL 8 : ruby:3.1 (RHSA-2025:4063)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4063 advisory. Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system...
The Bash Vulnerability: How to Protect your Environment
A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too: attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...
Drummond Miles A1Stats 1.0 a1disp4.cgi Traversal Arbitrary File Read
No description provided by source. Source: http://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummond Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as query strings to the A1Stats script. An...
XSS vulnerability in /admin/chooseBuildsToMove.action resource
We have identified and fixed a reflected cross-site scripting (XSS) vulnerability in the Bamboo chooseBuildsToMove resource. This issue is reported in our security advisory on this page: https://confluence.atlassian.com/x/rQP5FQ You can read more about XSS attacks at:...
Fedora 10 : nagios-3.0.5-1.fc10 (2008-10323)
Upstream has released a new version: Security fix for Cross-Site Request Forgery (CSRF) bug reported by Tim Starling. Sample audio files for CGIs removed from distribution. Fix for multiline config file continuation bug. Minor fix to RPM spec file. Fix for AIX compiler warnings. Minor sample config fil...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
PHP/ASP/CGI web applications security bugs
PHP inclusions, SQL injections, directory traversals, cross-site scripting, spam sending, etc...
PHP/ASP/CGI web applications security bugs
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
PHP/ASP/CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
Ruby insecure file permissions in the CGI session management
According to a Debian Security Advisory: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...
CGI bugs
No description provided...
phpBB < 2.0.7 Multiple XSS
There are cross-site scripting vulnerabilities in the files 'ViewTopic.php' and 'ViewForum.php' in the remote installation of phpBB.
CGI bugs
No description provided...
QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access
The CGI 'quickstore.cgi' is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon. Ref: Date: Tue, 23 Dec 2003 20:27:51 +0800 From: DrPonidi Haryanto Subject:...
CGI bugs
No description provided...
Leif Wright ad.cgi file Parameter Arbitrary Command Execution
The CGI 'ad.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the HTTP daemon (usually root or nobody).