
9775 matches found

Tenable Nessus
added 2005/02/16 12:00 a.m., 21 views

HP-UX PHSS_29541 : HPSBUX0310-285 SSRT3642 Potential Security Vulnerabilities Apache web server HP-UX VVOS and Webproxy.

s700800 11.04 Virtualvault 4.5 IWS Update : 1. Potential Apache web server crash when it goes into an infinite loop due to too many subsequent internal redirects and nested subrequests. VU379828 2. No de-allocation of file descriptors while servicing CGI scripts through child processes...

AI score: 5.4
Exploits: 0

Tenable Nessus
added 2005/02/15 12:00 a.m., 15 views

Lighttpd < 1.3.8 CGI Source Disclosure

Binary data 2624.prm...

CVSS: 5, AI score: 7.3, EPSS: 0.00812
Exploits: 0, References: 3

Gentoo Linux
added 2005/02/15 12:00 a.m., 32 views

lighttpd: Script source disclosure

Background lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments. Description lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent...

CVSS: 5, AI score: 6.5, EPSS: 0.00812
Exploits: 0

Tenable Nessus
added 2005/02/14 12:00 a.m., 1219 views

AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)

The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ... traffic. The remote version of this software is prone to a command execution flaw as well as an information disclosure vulnerability. An attacker may exploit this feature to obtain more information...

CVSS: 7.5, AI score: 6.1, EPSS: 0.08513
Exploits: 2, References: 3

Tenable Nessus
added 2005/02/14 12:00 a.m., 38 views

GLSA-200501-36 : AWStats: Remote code execution

The remote host is affected by the vulnerability described in GLSA-200501-36 AWStats: Remote code execution When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin...

CVSS: 7.5, AI score: 6.1, EPSS: 0.91976
Exploits: 11, References: 6

CVE
added 2005/02/13 5:00 a.m., 41 views

CVE-2004-1442

CVE-2004-1442 describes a cross-site scripting (XSS) vulnerability in the db2www CGI interpreter of IBM Net.Data 7 and 7.2. The issue allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is mishandled in error messages such as DTWP001E. The provided sources i...

CVSS: 4.3, AI score: 5.8, EPSS: 0.07887
Exploits: 1, References: 9, Affected Software: 1

securityvulns
added 2005/02/12 12:00 a.m., 26 views

PHP/ASP/CGI web applications security bugs

PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...

AI score: 2
Exploits: 0, References: 12, Affected Software: 8

FreeBSD
added 2005/02/12 12:00 a.m., 30 views

lighttpd -- script source disclosure vulnerability

The lighttpd website reports: In lighttpd 1.3.7 and below it is possible to fetch the source files which should be handled by CGI or FastCGI applications. The vulnerability is in the handling of urlencoded trailing NUL bytes. Installations that do not use CGI or FastCGI are not affected...

CVSS: 5, AI score: 6.4, EPSS: 0.00812
Exploits: 0, References: 3

FreeBSD
added 2005/02/10 12:00 a.m., 44 views

awstats -- arbitrary command execution

Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the privileges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...

CVSS: 7.5, AI score: 7.2, EPSS: 0.08513
Exploits: 3, References: 4

securityvulns
added 2005/02/02 12:00 a.m., 38 views

Multiple bugs in Savant Web Server

Buffer overflow on long URL, directory traversal, buffer overflows in CGI, etc...

AI score: 4
Exploits: 0, References: 3, Affected Software: 1

Gentoo Linux
added 2005/01/25 12:00 a.m., 77 views

AWStats: Remote code execution

Background AWStats is an advanced log file analyzer and statistics generator. Description When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin rawlog was not...

CVSS: 7.5, AI score: 6.9, EPSS: 0.91976
Exploits: 11

securityvulns
added 2005/01/23 12:00 a.m., 31 views

PHP/ASP/CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...

AI score: 2.2
Exploits: 0, References: 9, Affected Software: 8

Debian
added 2005/01/20 4:07 p.m., 22 views

[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution

Debian Security Advisory DSA 650-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2005 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 0.6, EPSS: 0.01079
Exploits: 0

Debian
added 2005/01/20 4:07 p.m., 17 views

[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution

Debian Security Advisory DSA 650-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2005 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 7, EPSS: 0.01079
Exploits: 0

OSV
added 2005/01/20 12:00 a.m., 17 views

DSA-650-1 sword - missing input sanitising

Bulletin has no description...

CVSS: 7.5, AI score: 6.1, EPSS: 0.01079
Exploits: 0

Cvelist
added 2005/01/19 5:00 a.m., 15 views

CVE-2005-0111

Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter...

AI score: 8.1, EPSS: 0.04963
Exploits: 1, References: 3

securityvulns
added 2005/01/18 12:00 a.m., 37 views

[Full-Disclosure] iDEFENSE Security Advisory 01.17.05: AWStats Remote Command Execution Vulnerability

AWStats Remote Command Execution Vulnerability iDEFENSE Security Advisory 01.17.05 www.idefense.com/application/poi/display?id=185&type=vulnerabilities January 17, 2005 I. BACKGROUND AWStats is a free tool that generates advanced web, ftp or mail server statistics, graphically. More information...

AI score: 1.7
Exploits: 0

securityvulns
added 2005/01/17 12:00 a.m., 35 views

PHP/ASP/CGI web applications security flaws

No description provided...

AI score: 1.4
Exploits: 0, References: 30, Affected Software: 22

securityvulns
added 2005/01/15 12:00 a.m., 34 views

iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability

MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability iDEFENSE Security Advisory 01.13.05 www.idefense.com/application/poi/display?id=181&type=vulnerabilities January 13, 2005 I. BACKGROUND MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. Max...

AI score: 0.4
Exploits: 0

Tenable Nessus
added 2005/01/14 12:00 a.m., 21 views

Movable Type mt-load.cgi Privilege Escalation

The remote web server is hosting Movable Type with 'mt-load.cgi' installed. Failure to remove mt-load.cgi could enable someone else to create a weblog in your Movable Type installation, and possibly gain access to your data. %NASLMINLEVEL 70300 This script was written by Rich Walchuck rich.walchu...

AI score: 5.6
Exploits: 0