9791 matches found
Alcatel OmniPCX Office 210/061.1 - Remote Command Execution
Digital Security Research Group (DSecRG) Advisory DSECRG-08-020; Application: Alcatel OmniPCX Office; Versions Affected: Alcatel OmniPCX Office since release 210/061.1; Vendor URL: http://alcatel.com; Bugs: Remote command execution; Exploits: YES; Risk: High; CVSS Score: 7.31; CVE-number: 2008-1331; Reporte...
QRcode Perl CGI & PHP script vulnerable to denial of service attack
Overview QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively consumed until the server becomes unable to respond to requests from...
HTTPD-User-Manage cross-site scripting vulnerability
Overview HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings. This problem does not occur when only the library for managing database is...
Cross-site scripting vulnerability in multiple Tor World CGI scripts
Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...
DesignForm cross-site scripting vulnerability
Overview DesignForm is a mail form CGI provided by GNB. A cross-site scripting vulnerability exists in DesignForm. DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in DesignForm. Impact An arbitrary scrip...
Ruby cgi.rb Denial of Service Vulnerability
Overview The cgi.rb class in Ruby cannot handle HTTP requests with MIME multipart data set with an invalid boundary, which could trigger an infinite loop and result in consuming a large amount of CPU resources. Impact An attacker could cause a Denial of Service (DoS) on the Web services using cgi.rb...
CGI RESCUE WebFORM allows unauthorized email transmission
Overview WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, an...
Kmail CGI authentication bypass vulnerability
Overview Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability. Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution None...
Shopping Basket Professional vulnerable to OS command injection
Overview Shopping Basket Professional provided by CGI RESCUE contains a vulnerability which allows a remote attacker to inject an arbitrary OS command as it does not properly validate input data. Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket...
MailDwarf cross-site scripting vulnerability
Overview MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
Overview Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
Overview Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to...
Homepage Builder sample CGI programs vulnerable to OS command injection
Overview Some of the CGI sample programs included in Homepage Builder provided by IBM Japan contain a vulnerability which may allow an attacker to inject an arbitrary OS command. According to the vendor, it is confirmed that vulnerable CGI sample programs are not included in the demo versions of...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting. Invision Power Board: XSS...
[SECURITY] Fedora 9 Update: lighttpd-1.4.19-4.fc9
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Unfixed XSS vulnerability at www.westernhagen.de
Security researcher mebx has submitted on 14/05/2008 a cross-site scripting (XSS) vulnerability affecting www.westernhagen.de, which at the time of submission ranked 2302630 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2008. It is...
CVE-2007-5803
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360...