Netbilling nbmember.cgi cmd Parameter Information Disclosure
nbmember.cgi is installed on the remote host. The remote version of this software is vulnerable to an information disclosure flaw which may allow an attacker to access sensitive system information resulting in a loss of confidentiality...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
CGI bugs
No description provided...
RHEL 2.1 / 3 : ruby (RHSA-2004:441)
An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...
Low: Red Hat Security Advisory: ruby security update
An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...
security flaw
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
Debian DSA-537-1 : ruby - insecure file permissions
Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This c...
Debian DSA-181-1 : libapache-mod-ssl - XSS
Joe Orton discovered a cross-site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only...
Debian DSA-033-1 : analog - buffer overflow
The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form...
[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely
Gentoo Linux Security Advisory GLSA 200409-08, http://security.gentoo.org/ ...
Ruby symbolic links problem
CGI::Session insecurely creates temporary file...
GLSA-200409-08 : Ruby: CGI::Session creates files insecurely
The remote host is affected by the vulnerability described in GLSA-200409-08 (Ruby: CGI::Session creates files insecurely). The CGI::Session::FileStore implementation (and presumably CGI::Session::PStore), which allow data associated with a particular Session instance to be written to a file, writes t...
Ruby: CGI::Session creates files insecurely
Background: Ruby is an object-oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description: The CGI::Session::FileStore implementation (and presumably CGI::Session::PStore), which allow data associated with a particular Sessi...
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
CVE-1999-1189
The CVE-1999-1189 issue affects Netscape Navigator/Communicator 4.7 on Windows 95/98. A buffer overflow can be triggered by a long argument after the ? in a URL referencing .asp, .cgi, .html, or .pl, allowing remote denial of service and potentially arbitrary command execution. No remediation det...