Mandrake Linux Security Advisory : perl-CGI (MDKSA-2003:084)

Eye on Security found a cross-site scripting vulnerability in the startform function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site. %NASLMINLEVE...

Mandrake Linux Security Advisory : htdig (MDKSA-2001:083)

A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch that allows a remote user to pass the -c parameter, to use a specific config file, to the htsearch program when running as a CGI. A malicious user could point to a file like...

Mandrake Linux Security Advisory : apache (MDKSA-2003:103)

A buffer overflow in modalias and modrewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file .htaccess o...

Mandrake Linux Security Advisory : apache2 (MDKSA-2003:096-1)

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write call in...

CGI bugs

No description provided...

CGI bugs

No description provided...

CGI bugs

No description provided...

Open WebMail Detection

The remote host is running Open WebMail, a webmail package written in Perl that provides access to mail accounts via POP3 or IMAP. %NASLMINLEVEL 70300 This script was written by George A. Theall, . See the Nessus Scripts License for details. include'deprecatednasllevel.inc'; include"compat.inc"; ...

CGI bugs

No description provided...

CGI bugs

No description provided...

CGI bugs

No description provided...

DSA-523 www-sql - buffer overflow

Bulletin has no description...

CGI bugs

No description provided...

CGI bugs

No description provided...

CGI bugs

No description provided...

TinyWeb Executable code leak

By using /./ it's possible to access file from /cgi-bin...

[NT] TinyWeb Script Disclosure Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure

Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure source: https://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web...

CGI bugs

No description provided...

jPortal print.inc.php id Parameter SQL Injection

The remote host appears to be running the jPortal CGI suite. There is a SQL injection vulnerability in the 'id' parameter of print.php. A remote attacker could exploit this to execute arbitrary SQL queries, which could be used to gain administrative access to this host. %NASLMINLEVEL 70300 C...