9791 matches found
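RoarSmith info2www Remote Arbitrary Command Execution Vulnerability
BugCVE: CVE-1999-0266 BUGTRAQ: 1995 "info2www" is a CGI program that converts GNU Info text into HTML files. Some early versions of the info2www script have an input validation vulnerability in their implementation; a remote attacker can exploit it to execute arbitrary system commands on the host with the privileges of the web process. The problem is that the script does not filter certain shell metacharacters contained in user input, so a remote attacker may execute arbitrary programs on the host with the privileges of the web daemon (root or nobody). 1.0-1.1 Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends that you take the following measures to reduce the threat:...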
viralator
The CGI 'viralator.cgi' is installed. Some versions of this CGI don't properly check user input and allow anyone to execute arbitrary commands with the privileges of the web server. No flaw was tested. Your script might be a safe version. Solutions : Upgrade this script to version 0.9pre2 ...
overflow.cgi detection
/cgi-bin/.cobalt/overflow/overflow.cgi was detected. Some versions of this CGI allow remote users to execute arbitrary commands with the privileges of the web server. SPDX-FileCopyrightText: 2008 Renaud Deraison Some text descriptions might be excerpted from (a) referenced source(s), and are Copyrigh...
Sympa < 4.1.3 XSS Vulnerability
The remote web server contains a CGI script that is affected by a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2008 Tenable Network Security Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
F-Secure Policy Manager Server < 7.0.1 'fsmsh.dll module' DoS Vulnerability
F-Secure Policy Manager Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2008 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Sambar XSS Vulnerability - Active Check
The Sambar web server comes with a set of CGIs that are prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2008 Renaud Deraison Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CNCat: cross-site scripting via description field...
F-Secure Policy Manager Server fsmsh.dll module DoS
The remote host is an F-Secure Policy Manager Server. Description : The remote host is running a version of F-Secure Policy Manager Server which is vulnerable to a denial of service. A malicious user can forge a request to query a MS-DOS device name through the 'fsmsh.dll' CGI module, which will...
Viralator <= 0.9pre1 Command Execution Vulnerability
The CGI SPDX-FileCopyrightText: 2008 Renaud Deraison Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.80093");...
CVE-2008-3862
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to...
Stack overflow
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to...
CVE-2008-3862
Trend Micro OfficeScan CGI Parsing Buffer Overflow (CVE-2008-3862) affects OfficeScan 7.3 Patch4 build 1367 and older builds (before 1374) and 8.0 SP1 Patch1 before build 3110. The vulnerability is a boundary/stack-based overflow in CGI modules when parsing HTTP POST form data, allowing remote at...
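Trend Micro OfficeScan CGI Parsing Stack Overflow Vulnerability
BUGTRAQ ID: 31859 CVE(CAN) ID: CVE-2008-3862 OfficeScan is a distributed antivirus product for an entire network segment. The OfficeScan server has a stack overflow vulnerability when parsing CGI requests. If a remote attacker sends specially crafted form data to an affected CGI executable via an HTTP POST request, the overflow can be triggered, leading to execution of arbitrary instructions. Trend Micro OfficeScan 8.0 Trend Micro OfficeScan 7.3 Trend Micro ----------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...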
CVE-2008-4663
Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-4663
CVE-2008-4663 is an XSS in K's CGI Access Log Kaiseki components: analysis.cgi (Ver. 1.44 and earlier) with jcode.pl and Jcode.pm. The vulnerability allows remote attackers to execute arbitrary script/HTML in a victim's browser via unspecified vectors. Refactors in connected sources confirm the v...
[SECURITY] Fedora 8 Update: rubygem-rails-2.1.1-2.fc8
Rails is a framework for building web applications using CGI, FCGI, mod_ruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...