9775 matches found

Tenable Nessus
added 2004/08/18 12:0 a.m., 16 views

CGI Script Path Disclosure

Binary data 1540.prm...

7.3 AI score
Exploits: 0
Tenable Nessus
added 2004/08/18 12:0 a.m., 15 views

CGI:IRC Server Detection

Binary data 3530.prm...

7.5 CVSS, 7.3 AI score, 0.0611 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2004/08/18 12:0 a.m., 15 views

Savant < 3.0 GET Request CGI Source Disclosure

Binary data 1518.prm...

5 CVSS, 7.3 AI score, 0.08197 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/18 12:0 a.m., 12 views

MaxDB WebSQL < 7.5.00.18 Remote Overflow

Binary data 2528.prm...

7.5 CVSS, 7.3 AI score, 0.04963 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2004/08/18 12:0 a.m., 12 views

Pi3Web WebServer < 2.0.1 CGI Handler Overflow

Binary data 1519.prm...

7.5 CVSS, 7.3 AI score, 0.05682 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/17 12:0 a.m., 20 views

FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)

According to a Debian Security Advisory : Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...

2.1 CVSS, 7.1 AI score, 0.00084 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2004/08/17 12:0 a.m., 13 views

CVSTrac timeline.c timeline_page Function Overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the timeline_page function in timeline.c that may allow an attacker to cause a buffer overflow. An attacker, exploiting this flaw, would be potentially able t...

6.2 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/17 12:0 a.m., 19 views

CVSTrac history.c history_update Function Overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system. Nessus has...

6.5 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/17 12:0 a.m., 14 views

CVSTrac cgi.c Multiple Overflows

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains multiple flaws in the mprintf, vmprintf, and vxprintf functions in cgi.c. A remote attacker, exploiting this flaw, would be able to execute arbitrary code on the remote syste...

6.3 AI score
Exploits: 0, References: 2
Debian
added 2004/08/16 4:12 a.m., 19 views

[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management

Debian Security Advisory DSA 537-1, http://www.debian.org/security/, Martin Schulze, August 16th, 2004, http://www.debian.org/security/faq ...

2.1 CVSS, 5.4 AI score, 0.00084 EPSS
Exploits: 0
Debian
added 2004/08/16 4:12 a.m., 18 views

[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management

Debian Security Advisory DSA 537-1, http://www.debian.org/security/, Martin Schulze, August 16th, 2004, http://www.debian.org/security/faq ...

2.1 CVSS, 0.1 AI score, 0.00084 EPSS
Exploits: 0
FreeBSD
added 2004/08/16 12:0 a.m., 37 views

Ruby insecure file permissions in the CGI session management

According to a Debian Security Advisory: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...

2.1 CVSS, 5.9 AI score, 0.00084 EPSS
Exploits: 0, References: 3
OSV
added 2004/08/16 12:0 a.m., 18 views

DSA-537 ruby - insecure file permissions

Bulletin has no description...

2.1 CVSS, 6 AI score, 0.00084 EPSS
Exploits: 0
securityvulns
added 2004/08/12 12:0 a.m., 25 views

CGI bugs

No description provided...

1.4 AI score
Exploits: 0, References: 2, Affected Software: 2
Tenable Nessus
added 2004/08/09 12:0 a.m., 94 views

GoScript go.cgi Arbitrary Command Execution

The remote host is running GoScript. The installed version fails to properly sanitize user-supplied input to the 'go.cgi' script. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host...

9.8 CVSS, 5.6 AI score, 0.02985 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2004/08/09 12:0 a.m., 32 views

WackoWiki TextSearch phrase Parameter XSS

The remote host seems to be running the WackoWiki CGI suite. Based on the version information gathered by Nessus, this instance of WackoWiki may be vulnerable to a remote authentication attack. Exploitation of this vulnerability may allow for theft of cookie-based authentication credentials and...

4.3 CVSS, 5.1 AI score, 0.00427 EPSS
Exploits: 0, References: 2
Packet Storm
added 2004/08/07 12:0 a.m., 29 views

page.txt

Script affected: page.cgi - content/template merging CGI Author: Andrew Kilpatrick We can execute arbitrary commands with same id of the webserver: http://www.vulnerable.com/page.cgi?url=.html|id| Thanks : Infektion Group irc.phey.net -j infektion...

7.4 AI score
Exploits: 0
securityvulns
added 2004/08/06 12:0 a.m., 25 views

CGI bugs

No description provided...

1.4 AI score
Exploits: 0, References: 10, Affected Software: 8
Tenable Nessus
added 2004/08/02 12:0 a.m., 9 views

MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities

The sample CGI math_sum.mscgi is installed on the remote web server. The remote version of this CGI contains several issues which may allow an attacker to execute a cross-site scripting attack, to disable the remote server remotely or to execute arbitrary code with the privileges of the server...

5.7 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2004/08/02 12:0 a.m., 33 views

RiSearch show.pl Open Proxy Relay

The remote host seems to be running RiSearch, a local search engine. There is a flaw in the CGI 'show.pl' which is bundled with this software that could allow an attacker to use the remote host as an open proxy by doing a request like :...

9.8 CVSS, 5.6 AI score, 0.15542 EPSS
Exploits: 1, References: 1