9795 matches found

NVD
added 2010/08/02 10:0 p.m., 15 views

CVE-2010-2540

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments...

CVSS 10, AI score 6.6, EPSS 0.03833
Exploits 0, References 6

Cvelist
added 2010/08/02 9:0 p.m., 39 views

CVE-2010-2540

mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments...

AI score 6.5, EPSS 0.03833
Exploits 0, References 6

CVE
added 2010/08/02 9:0 p.m., 84 views

CVE-2010-2540

CVE-2010-2540 affects MapServer’s mapserv CGI interface. In MapServer versions prior to 4.10.6 and 5.x prior to 5.6.4, CGI arguments intended for debugging are not properly restricted, enabling remote attackers to craft arguments and trigger an unspecified impact. Fixed in MapServer 4.10.6 and 5....

CVSS 10, AI score 6.6, EPSS 0.03833
Exploits 0, References 6, Affected Software 2

OpenVAS
added 2010/08/02 12:0 a.m., 29 views

MapServer < 4.10.6, 5.x < 5.6.4 Multiple Vulnerabilities

MapServer is prone to multiple remote vulnerabilities, including a buffer overflow vulnerability and an unspecified security vulnerability affecting the CGI command line debug arguments.

CVSS 10, AI score 6.1, EPSS 0.03833
Exploits 0, References 4

OSV
added 2010/07/31 12:0 a.m., 28 views

DSA-2079-1 mapserver - arbitrary code execution

Bulletin has no description...

CVSS 10, AI score 6, EPSS 0.03833
Exploits 0

securityvulns
added 2010/07/29 12:0 a.m., 31 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score 1.6
Exploits 0, References 2, Affected Software 2

securityvulns
added 2010/07/28 12:0 a.m., 32 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score 1.6
Exploits 0, References 24, Affected Software 15

Check Point Advisories
added 2010/07/27 12:0 a.m., 3 views

HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow (CVE-2010-1554)

HP OpenView product is a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow vulnerability exists in...

CVSS 10, AI score 7.3, EPSS 0.67786
Exploits 13

OpenVAS
added 2010/07/26 12:0 a.m., 30 views

HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities

HP OpenView Network Node Manager is prone to multiple code execution vulnerabilities.

CVSS 10, AI score 6.2, EPSS 0.42261
Exploits 10, References 6

Tenable Nessus
added 2010/07/26 12:0 a.m., 948 views

CGI Generic XSS (comprehensive test)

The remote web server hosts CGI scripts that fail to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These XS...

CVSS 7.5, AI score 5.6, EPSS 0.02515
Exploits 0, References 3

Tenable Nessus
added 2010/07/26 12:0 a.m., 476 views

CGI Generic Injectable Parameter

Nessus was able to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests like cross-site scripting attacks. This is not a weakness per se, the main purpose of this test is to speed up other...

AI score 5.1
Exploits 0

Tenable Nessus
added 2010/07/26 12:0 a.m., 90 views

CGI Generic On Site Request Forgery (OSRF)

The remote web server hosts CGI scripts that fail to adequately sanitize request strings with special characters like dots, slashes, backslashes, equal signs, question marks, etc. By leveraging this issue, an attacker may be able to cause arbitrary GET requests to be executed by a user when he...

AI score 5.8
Exploits 0, References 3

securityvulns
added 2010/07/22 12:0 a.m., 63 views

ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability

ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-137 July 21, 2010 -- CVE ID: CVE-2010-2703 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...

CVSS 10, AI score 0.9, EPSS 0.71381
Exploits 9

securityvulns
added 2010/07/22 12:0 a.m., 76 views

VUPEN Security Research - HP OpenView Network Node Manager "nnmrptconfig.exe" Buffer Overflow (CVE-2010-2703)

VUPEN Security Research - HP OpenView Network Node Manager "nnmrptconfig.exe" Buffer Overflow CVE-2010-2703 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "HP OpenView Network Node Manager is the market-leading network management solution that enables problem...

CVSS 10, AI score 8, EPSS 0.71381
Exploits 9

Zero Day Initiative
added 2010/07/21 12:0 a.m., 32 views

Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe C...

CVSS 10, AI score 1.8, EPSS 0.71381
Exploits 9, References 1

securityvulns
added 2010/07/18 12:0 a.m., 23 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score 1.6
Exploits 0, References 2, Affected Software 2

OpenVAS
added 2010/07/16 12:0 a.m., 16 views

Mako 'cgi.escape()' Cross-Site Scripting Vulnerability

This host is installed with Mako and is prone to cross-site scripting vulnerability. Openvas Vulnerability Test $id: gbmakoxssvuln.nasl 10044 2010-07-12 13:10:35z jul $ Description: Mako 'cgi.escape' Cross-Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright C 2010 Greenbone...

CVSS 4.3, AI score 6, EPSS 0.01809
Exploits 0, References 2

OpenVAS
added 2010/07/16 12:0 a.m., 14 views

Mako 'cgi.escape()' Cross-Site Scripting Vulnerability

Mako is prone to a cross-site scripting (XSS) vulnerability.

CVSS 4.3, AI score 5.4, EPSS 0.01809
Exploits 0, References 2

Tenable Nessus
added 2010/07/16 12:0 a.m., 393 views

Multiple Web Server printenv CGI Information Disclosure

The remote web server contains the 'test-cgi' test script, which is included by default with some web servers. The printenv CGI returns its environment variables. This gives an attacker information like the installation directory, the server IP address which is interesting if NAT is implemented,...

AI score 5.5
Exploits 0

Zero Day Initiative
added 2010/07/13 12:0 a.m., 28 views

Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary runnin...

CVSS 9, AI score 6.3, EPSS 0.07465
Exploits 0, References 1