9791 matches found
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Xaraya: cross-site scripting...
Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities
Secunia Research 07/01/2009 - HP OpenView Network Node Manager Multiple Vulnerabilities - Table of Contents Affected...
Preemptive Protection against HP OpenView Network Node Manager Buffer Overflows
HP OpenView Network Node Manager (NNM) is a software application designed for management, maintenance and monitoring of networks and network devices. Several vulnerabilities were reported in HP OpenView Network Node Manager CGI applications, enabling a remote user to execute arbitrary code on the...
HP OpenView Network Node Manager Toolbar.exe CGI buffer overflow
Added: 01/09/2009 CVE: CVE-2008-0067 BID: 33147 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by requesting the Toolbar.exe CGI program with a...
CVE-2008-0067
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a...
FreeBSD : awstats -- multiple XSS vulnerabilities (27d78386-d35f-11dd-b800-001b77d09812)
Secunia reports : Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrar...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHPSlideshow: cross-site scripting...
CVE-2008-5809
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id...
Design/Logic Flaw
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id...
CVE-2008-5809
CVE-2008-5809 affects futomi CGI Cafe’s Access Analyzer CGI: Standard v4.0.1 and earlier and Professional v4.11.3 and earlier, where a predictable session ID enables remote attackers to hijack sessions and view analysis results. Root cause: predictable session identifiers. Impact: partial dis...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: automated account registration, DoS...
A CGI program vulnerability discovery-vulnerability warning-the black bar safety net
Source: phpeval's BLOG Author: phpeval Yesterday a friend threw me a CGI program. Call me to think of a way to get a SHELL. The CGI program but I've never seen it. Experience this for me brand new things. It really is a bit no way. But to throw to. Just when learning. I bite the bullet and see. The...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. bbPress: cross-site scripting, protection bypass...
Directory traversal
Directory traversal vulnerability in CGI RESCUE KanniBBS2000 aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i before 1.03 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2008-5723
Directory traversal vulnerability in CGI RESCUE KanniBBS2000 aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i before 1.03 allows remote attackers to read arbitrary files via unspecified vectors...