18 matches found
EUVD-2007-3357
Malware in sbrugna...
EUVD-2007-3356
Malware in sbrugna...
CVE-2013-0132
The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...
CVE-2013-0132
The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables...
SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6316)
PHP5 was updated with incremental fixes to the previous update : - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 %NASLMINLEVEL 70300 C Tenable Network...
SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6440)
PHP5 was updated with incremental fixes to the previous update. - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 - heap-based buffer overflow in php's ph...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8133)
PHP5 was updated with incremental fixes to the previous update : - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 %NASLMINLEVEL 70300 C Tenable Network...
Debian DSA-2335-1 : man2html - missing input sanitization
Tim Starling discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting XSS attacks...
DSA-2335-1 man2html - missing input sanitization
Bulletin has no description...
Cross site scripting
Cross-site scripting XSS vulnerability in Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
CVE-2007-3367
Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from...
Information disclosure
Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2007-3366
Cross-site scripting XSS vulnerability in Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
CVE-2007-3367
Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2007-3366
CVE-2007-3366 describes a Cross-site scripting (XSS) vulnerability in the Simple CGI Wrapper (scgiwrap) used by cPanel, affecting cPanel before 10.9.1 and 11.x before 11.4.19-R14378. The issue allows remote attackers to inject arbitrary web script or HTML via the request URI. The connected docume...
DEBIAN-CVE-2006-3848
Cross-site scripting XSS vulnerability in CGI wrapper for IP Calculator IPCalc 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI environment variable, which is used in the actionurl variable...
CVE-2006-3848
Cross-site scripting XSS vulnerability in CGI wrapper for IP Calculator IPCalc 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI environment variable, which is used in the actionurl variable...
CVE-2006-3848
The CVE-2006-3848 entry describes a Cross-site Scripting (XSS) vulnerability in the CGI wrapper for IP Calculator (IPCalc) version 0.40. The flaw arises because the attacker can inject arbitrary web script or HTML through the URI (REQUEST_URI environment variable), which is used in the actionurl ...