9794 matches found
QuickTime Streaming Server parse_xml.cgi Remote Execution
$Id: qtssparsexmlexec.rb 7776 2009-12-09 15:13:35Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' class Metasploit3 'HP...
CoreHTTP Arbitrary Command Execution Vulnerability
No description provided by source. Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
php CGI-SAPI 4.3.0 代码执行漏洞
No description provided by source...
AWStats 6.1 < 6.2 - 'configdir' Remote Command Execution (Metasploit)
$Id: awstatsconfigdirexec.rb 7970 2009-12-26 03:31:20Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CoreHTTP CGI支持远程命令执行漏洞
BUGTRAQ ID: 37454 CoreHTTP是一款小型的Web服务器。 CoreHTTP服务器的http.c文件没有正确的过滤用户输入便调用了popen,这允许攻击者使用标准的Web浏览器执行任意命令: / escape the url for " and \ since we use it in popen / for i = 0; i PATHSIZE; i++ if urli == '\0' break; else if urli == '\' || urli == '"' || urli == ''' find = url + i; strcpytemp, find;...
Update Protection against HP OpenView Network Node Manager ovlogin.exe Buffer Overflow
A buffer overflow vulnerability exists in HP OpenView Network Node Manager NNM. The vulnerability is due to a boundary error in ovlogin.exe, the login process of a CGI application shipped with OpenView NNM. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
CoreHTTP 0.5.3.1 - CGI Arbitrary Command Execution
CoreHTTP 0.5.3.1 - CGI Arbitrary Command Execution Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly...
CoreHTTP 0.5.3.1 Command Execution
MSF Exploit for CoreHTTP CGI Enabled Remote Arbitrary Command Execution CoreHTTP fails to properly sanitize user input before passing it to popen, allowing anyone with a web browser to run arbitrary commands. No CVE for this yet. require 'msf/core' class Metasploit3 'corehttp remote command...
CoreHTTP 0.5.3.1 - 'CGI' Arbitrary Command Execution
Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input before calling popen and allows an...
HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow
Added: 12/22/2009 CVE: CVE-2009-4179 BID: 37261 OSVDB: 60930 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow in the ovalarm.exe CGI program allows command execution when an attacker sends an HTTP request to this...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
lighttpd 1.3.7 远程CGI脚本代码泄漏漏洞
No description provided by source...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...