9791 matches found
CVE-2008-0893
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions...
CVE-2008-0893
CVE-2008-0893 affects Red Hat Directory Server Admin Server (redhat-ds-admin), used with Red Hat Directory Server 8.0 on RHEL4/RHEL5. The vulnerability stems from inadequate restriction of CGI script access, allowing an unauthenticated remote user to access CGI endpoints and perform administrativ...
CVE-2008-0892
The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...
CVE-2008-0892
The CVE-2008-0892 issue affects the replication monitor CGI script (repl-monitor-cgi.pl) in the Red Hat Administration Server used with Red Hat Directory Server 8.0 on RHEL4/RHEL5, allowing remote command execution via the CGI interface. The root cause is a command-injection flaw in the replicati...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Trashbin plugin for WordPress: cross-site scripting...
Server: shell command injection in CGI replication monitor
The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...
Server: unrestricted access to CGI scripts
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions...
HP OpenView Network Node Manager multiple CGI buffer overflow
Buffer overflows in ovlogin.exe, OpenView5.exe, snmpviewer.exe, webappmon.exe. OpenView5.exe directory traversal...
Directory traversal vulnerability in WEBrick
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encode...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
HP OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access
The version of HP OpenView Network Node Manager installed on the remote host fails to completely sanitize user input to the 'Action' parameter of the 'OpenView5.exe' CGI script. Using a value with directory traversal sequences containing slashes rather than backslashes, an unauthenticated, remote...
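OmniPCX Office Remote Information Disclosure Vulnerability
BUGTRAQ ID: 28758 CVECAN ID: CVE-2008-1331 Alcatel's OmniPCX Office is a unified communications solution designed for small and medium-sized businesses. A CGI script used by the Internet Access service of OmniPCX Office does not properly filter certain parameters, allowing remote attackers to retrieve sensitive information from the Internet. Alcatel-Lucent OmniPCX Office = 210/061.1 Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat: Disable WBM/WCA access from the Internet. For versions R2.1 through R4.1:...
HP OpenView Network Node Manager Directory Traversal and Denial of Service Vulnerabilities
BUGTRAQ ID: 28745 HP OpenView Network Node Manager (OV NNM) is network management system software developed and maintained by HP, with powerful network node management capabilities. Directory traversal and denial-of-service vulnerabilities exist in multiple services and components of OV NNM, allowing remote attackers to crash services or download arbitrary files by submitting malicious requests. --------------------------- A CGI directory traversal --------------------------- The CGIs in NNM use some instructions to filter malicious characters out of the parameters sent by the client, but the path separator these CGIs filter out is the backslash, so an attacker can use forward slashes to perform a directory traversal attack and download files from disk....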
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Debian DSA-1539-1 : mapserver - several vulnerabilities
Chris Schmidt and Daniel Morissette discovered two vulnerabilities in mapserver, a development environment for spatial and mapping applications. The Common Vulnerabilities and Exposures project identifies the following two problems : - CVE-2007-4542 Lack of input sanitizing and output escaping in...
HP OpenView Network Node Manager 7.53 - Multiple Vulnerabilities
Luigi Auriemma Application: HP OpenView Network Node Manager http://www.openview.hp.com/products/nnm/ Versions: From vendor's website: OpenView NNM "automates the process of developing a hyper-accurate topology of your physical network, virtual network services and the complex relationships betwe...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. MODx CMS: index.php cross-site scripting through email parameter...
[SECURITY] [DSA 1539-1] New mapserver packages fix multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1539-1 [email protected] http://www.debian.org/security/ Devin Carraway April 04, 2008 http://www.debian.org/security/faq -...