9791 matches found
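Red Hat Fedora Directory Server HTTP Unescape Function Buffer Overflow Vulnerability
BUGTRAQ ID: 31106 CVE ID: CVE-2008-2932 CNCVE ID: CNCVE-20082932 Red Hat Fedora Directory Server is a directory service program. The adminutil component of Red Hat Fedora Directory Server does not correctly handle user input; a remote attacker can exploit the vulnerability to cause a buffer overflow and execute arbitrary commands with the privileges of the application. adminutil is a common function library used by several CGI scripts shipped with Red Hat / Fedora Directory Server. adminutil...
Multiple Vulnerabilities in LedgerSMB Versions Before 1.2.15
BUGTRAQ ID: 31109 CNCAN ID: CNCAN-2008091102 LedgerSMB is an open-source ERP system. LedgerSMB has multiple input validation issues that a remote attacker can exploit to consume large amounts of resources, disrupt the application, or access and modify data. 1. The CGI script reads the query string from $ENVCONTENTLENGTH, which allows a large amount of data to be POSTed and leads to a denial-of-service attack; this vulnerability requires no authentication. 2. The AR/AP transaction report has an SQL injection: parameters are not sufficiently filtered when the report is generated, so arbitrary SQL can be injected into the query. LedgerSMB LedgerSMB 1.2.8 LedgerSMB LedgerSMB 1.2.7 LedgerSMB...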
CVE-2008-2932
Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server. NOTE: this vulnerability exists because of an incorrec...
PT-2008-4370 · Red Hat · Red Hat Adminutil
Name of the Vulnerable Software and Affected Versions: Red Hat adminutil version 1.1.6 Description: A heap-based buffer overflow issue exists, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via percent encoded HTTP input to unspecified CGI scripts in...
[SECURITY] Fedora 9 Update: adminutil-1.1.7-1.fc9
adminutil is libraries of functions used to administer directory servers, usually in conjunction with the admin server. adminutil is broken into two libraries - libadminutil contains the basic functionality, and libadmsslutil contains SSL versions and wrappers around the basic functions. The PSET...
[SECURITY] Fedora 8 Update: awstats-6.8-2.fc8
Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...
[SECURITY] Fedora 8 Update: adminutil-1.1.7-1.fc8
adminutil is libraries of functions used to administer directory servers, usually in conjunction with the admin server. adminutil is broken into two libraries - libadminutil contains the basic functionality, and libadmsslutil contains SSL versions and wrappers around the basic functions. The PSET...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Fedora 8 : adminutil-1.1.7-1.fc8 (2008-7642)
Fixes these bugs: - CVE-2008-2928 - buffer overflow in Accept-Language parsing 413531 Web browser accepted languages configuration causes dsgw CGI binaries to segfault - improved fix for CVE-2008-2929 XSS issues originally addressed in 1.1.6, that does not introduce heap overflow in parsing...
JVN#18616622 Multiple Tor World CGI scripts vulnerable to arbitrary script execution
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to inject an arbitrary script into the web page which is generated by the affected product. This vulnerability is...
Hot Links SQL-PHP 3 (report.php) Multiple Vulnerabilities
No description provided by source. security breakd0wn! Title: Hot Links SQL-PHP 3 report.php Multiple...
Fedora 9 : adminutil-1.1.7-1.fc9 (2008-7339)
Fixes these bugs: - CVE-2008-2928 - buffer overflow in Accept-Language parsing 413531 Web browser accepted languages configuration causes dsgw CGI binaries to segfault - improved fix for CVE-2008-2929 XSS issues originally addressed in 1.1.6, that does not introduce heap overflow in parsing...
hotlinks-sqlxss.txt
security breakd0wn! Title: Hot Links SQL-PHP 3 report.php Multiple Vulnerabilities Vendor:...
Hot Links SQL-PHP 3 - report.php Multiple Vulnerabilities
Hot Links SQL-PHP 3 - report.php Multiple Vulnerabilities security breakd0wn! Title: Hot Links SQL-PHP 3...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection...
Hot Links SQL-PHP 3 (report.php) Multiple Vulnerabilities
Exploit for unknown platform in category web applications. Hot Links SQL-PHP 3 report.php Multiple Vulnerabilities. 1. Information: Hot Links was the initial script developed by Mr CGI...
Hot Links SQL-PHP 3 - 'report.php' Multiple Vulnerabilities
security breakd0wn! Title: Hot Links SQL-PHP 3 report.php Multiple Vulnerabilities Vendor:...
Simple PHP Blog Detection
The remote host is running Simple PHP Blog, an open source blog application that uses flat text files. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(34109); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...
Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC)
Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service PoC !/usr/bin/perl -w Samsung DVR SHR2040 HTTPD Remote Denial of Service DoS PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending...