730 matches found
Debian: Security Advisory (DSA-1816-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Netgear DG632 Router Authentication Bypass Vulnerability
Exploit for hardware platform in category remote exploits ======================================================== Netgear DG632 Router Authentication Bypass Vulnerability ======================================================== Product Name: Netgear DG632 Router Vendor: http://www.netgear.com...
Design/Logic Flaw
cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string...
Fedora Update for mod_perl FEDORA-2007-576
Check for the Version of modperl OpenVAS Vulnerability Test Fedora Update for modperl FEDORA-2007-576 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
The CGI script of the invasion to get started quickly+script method of use-vulnerability warning-the black bar safety net
Preface: The following explanation is directed to Europe and the United States Japan website When we are doing penetration analysis of the time there are many ways to We all know the foreign servers are mostly linux platform So there are many website programs have 6 Chengdu will use a cgi script ...
Fedora Update for mod_perl FEDORA-2007-0316
Check for the Version of modperl OpenVAS Vulnerability Test Fedora Update for modperl FEDORA-2007-0316 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)
The 'ovlaunch.exe' CGI script included with the version of HP OpenView Network Node Manager installed on the remote host reveals various configuration details in response to a specially crafted request. An unauthenticated, remote attacker could leverage this information to launch further attacks...
AWStats migrate Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration fil...
Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS)
Binary data 4795.prm...
Sympa < 4.1.3 XSS Vulnerability
The remote web server contains a CGI script that is affected by a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2008 Tenable Network Security Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
TWiki bin/configure 'image' Parameter Traversal Arbitrary File Access/Execution
The version of TWiki running on the remote host allows access to the 'configure' script, and fails to sanitize the 'image' parameter of that script. When the 'action' parameter is set to 'image', an unauthenticated attacker can exploit this issue to execute arbitrary code or to view arbitrary fil...
HP OpenView Network Node Manager connectedNodes.ovpl command execution
Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...
CGIWrap Charset Specification Weakness Error Message XSS
The remote host is running CGIWrap, a wrapper for CGI scripts to provide enhanced security. The version of CGIWrap installed on the remote host does not specify a charset when responses are for error pages. An attacker may be able to leverage this issue to inject arbitrary HTML and script code in...
Matt Wright guestbook.pl Arbitrary Command Execution
The Matt Wright guestbook.pl 'Matt Wright guestbook.pl Arbitrary Command Execution', 'Description' = %q The Matt Wright guestbook.pl 'aushack' , 'License' = MSFLICENSE, 'References' = 'CVE...
Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities
The remote host is running RedHat or Fedora Directory Server Admin Service. The version of this software installed on the remote host is vulnerable to remote command execution flaw through the argument 'admurl' of the script '/bin/admin/admin/bin/download'. A malicious user could exploit this fla...
HP OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access
The version of HP OpenView Network Node Manager installed on the remote host fails to completely sanitize user input to the 'Action' parameter of the 'OpenView5.exe' CGI script. Using a value with directory traversal sequences containing slashes rather than backslashes, an unauthenticated, remote...
awstats -- multiple XSS vulnerabilities
Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description lighttpd contains a calculation error when allocating the global file descriptor array CVE-2008-0983. Furthermore, it sends the source of a CGI script instead of returning a 500 error Internal Server Error when the fork...