9795 matches found
CVE-2010-2540
mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments...
CVE-2010-2540
CVE-2010-2540 affects MapServer’s mapserv CGI interface. In MapServer versions prior to 4.10.6 and 5.x prior to 5.6.4, CGI arguments intended for debugging are not properly restricted, enabling remote attackers to craft arguments and trigger an unspecified impact. Fixed in MapServer 4.10.6 and 5....
MapServer < 4.10.6, 5.x < 5.6.4 Multiple Vulnerabilities
MapServer is prone to multiple remote vulnerabilities, including a buffer overflow vulnerability and an unspecified security vulnerability affecting the CGI command line debug arguments. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
DSA-2079-1 mapserver - arbitrary code execution
Bulletin has no description...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow (CVE-2010-1554)
HP OpenView product is a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, OpenView Network Node Manager, etc. A buffer overflow vulnerability exists in...
HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities
HP OpenView Network Node Manager is prone to multiple code execution vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CGI Generic XSS (comprehensive test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These XS...
CGI Generic Injectable Parameter
Nessus was able to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests like cross-site scripting attacks. This is not a weakness per se, the main purpose of this test is to speed up other...
CGI Generic On Site Request Forgery (OSRF)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with special characters like dots, slashes, backslashes, equal signs, question marks, etc. By leveraging this issue, an attacker may be able to cause arbitrary GET requests to be executed by a user when he...
ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability
ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-137 July 21, 2010 -- CVE ID: CVE-2010-2703 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...
VUPEN Security Research - HP OpenView Network Node Manager "nnmrptconfig.exe" Buffer Overflow (CVE-2010-2703)
VUPEN Security Research - HP OpenView Network Node Manager "nnmrptconfig.exe" Buffer Overflow (CVE-2010-2703) http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "HP OpenView Network Node Manager is the market-leading network management solution that enables problem...
Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe C...
Mako 'cgi.escape()' Cross-Site Scripting Vulnerability
This host is installed with Mako and is prone to a cross-site scripting vulnerability. OpenVAS Vulnerability Test $id: gbmakoxssvuln.nasl 10044 2010-07-12 13:10:35z jul $ Description: Mako 'cgi.escape' Cross-Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright (C) 2010 Greenbone...
Mako 'cgi.escape()' Cross-Site Scripting Vulnerability
Mako is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Web Server printenv CGI Information Disclosure
The remote web server contains the 'test-cgi' test script, which is included by default with some web servers. The printenv CGI returns its environment variables. This gives an attacker information like the installation directory, the server IP address which is interesting if NAT is implemented,...
Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary runnin...