
9793 matches found

Tenable Nessus
added 2009/08/25 12:0 a.m. 494 views

Web Application Potentially Sensitive CGI Parameter Detection

According to their names, some CGI parameters may control sensitive data (e.g., ID, privileges, commands, prices, credit card data, etc.). In the course of using an application, these variables may disclose sensitive data or be prone to tampering that could result in privilege escalation. These...

5.5 AI score
Exploits: 0
securityvulns
added 2009/08/25 12:0 a.m. 27 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits: 0, References: 3, Affected Software: 2
Tenable Nessus
added 2009/08/25 12:0 a.m. 29 views

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : php5 vulnerability (USN-824-1)

It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding...

4.3 CVSS, 5.5 AI score, 0.04378 EPSS
Exploits: 1, References: 2
CVE
added 2009/08/21 10:0 a.m. 47 views

CVE-2009-2925

CVE-2009-2925 : A directory traversal vulnerability exists in DJcalendar.cgi of DJCalendar, allowing remote attackers to read arbitrary files by supplying a .. in the TEMPLATE parameter. This is described in the NVD entry as a DJCalendar directory traversal leading to potential exposure of sensit...

7.8 CVSS, 6.8 AI score, 0.03468 EPSS
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2009/08/21 12:0 a.m. 24 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits: 0, References: 2, Affected Software: 2
securityvulns
added 2009/08/18 12:0 a.m. 22 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2009/08/17 12:0 a.m. 42 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.5 CVSS, 1.5 AI score, 0.0286 EPSS
Exploits: 0, References: 3, Affected Software: 3
OpenVAS
added 2009/08/17 12:0 a.m. 20 views

Mandrake Security Advisory MDVSA-2009:167 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:167. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

4.3 CVSS, 6.3 AI score, 0.04378 EPSS
Exploits: 1, References: 2
NVD
added 2009/08/14 3:16 p.m. 17 views

CVE-2009-2766

httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests...

7.5 CVSS, 6.9 AI score, 0.05129 EPSS
Exploits: 1, References: 2
NVD
added 2009/08/14 3:16 p.m. 25 views

CVE-2009-2765

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI...

8.3 CVSS, 7.5 AI score, 0.82504 EPSS
Exploits: 7, References: 9
CVE
added 2009/08/14 3:0 p.m. 100 views

CVE-2009-2765

The CVE-2009-2765 issue affects the DD-WRT HTTPd management GUI, where httpd.c in the HTTP daemon is vulnerable to shell metacharacter injection via requests to a CGI-bin URI. The vulnerability allows an unauthenticated remote attacker to execute arbitrary commands with root privileges on affecte...

8.3 CVSS, 7.8 AI score, 0.82504 EPSS
Exploits: 7, References: 9, Affected Software: 1
securityvulns
added 2009/08/14 12:0 a.m. 26 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits: 0, References: 3
Positive Technologies
added 2009/08/14 12:0 a.m. 4 views

PT-2009-5129

Name of the Vulnerable Software and Affected Versions: DD-WRT versions prior to build 12533. Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a "cgi-bin/" URI. This is due to a problem in the httpd.c in httpd in the management GUI...

8.3 CVSS, 7.5 AI score, 0.82504 EPSS
Exploits: 7, References: 18
UbuntuCve
added 2009/08/12 10:30 a.m. 22 views

CVE-2008-6945

Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mvorderitem CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value...

4.3 CVSS, 5.9 AI score, 0.01321 EPSS
Exploits: 0, References: 1
Cvelist
added 2009/08/12 10:0 a.m. 20 views

CVE-2008-6945

Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mvorderitem CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value...

5.9 AI score, 0.01321 EPSS
Exploits: 0, References: 8
securityvulns
added 2009/08/12 12:0 a.m. 43 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits: 0, References: 5, Affected Software: 4
CVE
added 2009/08/11 10:0 a.m. 62 views

CVE-2009-2737

The CVE-2009-2737 issue affects Roundup. In Roundup 1.2 before 1.2.1 and 1.4 through 1.4.6, the EditCSVAction function in cgi/actions.py does not properly enforce permissions. This allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that c...

5.5 CVSS, 6.4 AI score, 0.02322 EPSS
Exploits: 0, References: 9, Affected Software: 1
Packet Storm
added 2009/08/11 12:0 a.m. 36 views

PHP 5.3.0 open_basedir Bypass

PHP 5.3.0 main.c open_basedir bypass. Author: Maksymilian Arciemowicz, http://SecurityReason.com. Date: Dis.: 26.05.2009, Pub.: 06.08.2009. Risk: Medium. Affected Software: PHP 5.3.0. Original URL:...

0.1 AI score
Exploits: 0
securityvulns
added 2009/08/10 12:0 a.m. 37 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Dumb math captcha: protection bypass backdoor...

1.7 AI score
Exploits: 0, References: 5, Affected Software: 5
securityvulns
added 2009/08/09 12:0 a.m. 38 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

6.5 CVSS, 1.5 AI score, 0.0198 EPSS
Exploits: 3, References: 7, Affected Software: 7