9791 matches found
CVE-2003-1556
Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters...
CVE-2003-1556
CVE-2003-1556 affects CGI City CC GuestBook’s cc_guestbook.pl (Perl). The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary script/HTML via the name and homepage_title parameters, potentially enabling cookie theft as described in the Nessus advisory. T...
DSA-1539-1 mapserver - multiple vulnerabilities
Bulletin has no description...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
CUPS: Multiple vulnerabilities
Background: CUPS provides a portable printing layer for UNIX-based operating systems. Description: Multiple vulnerabilities have been reported in CUPS: regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch function used in several CGI scripts in CUPS' administration interface does not...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
JVN#58803701 DesignForm cross-site scripting vulnerability
DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in DesignForm. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version according to...
JVN#76669770 PerlMailer cross-site scripting vulnerability
PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in PerlMailer. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest...
[SECURITY] Fedora 7 Update: namazu-2.0.18-1.fc7
Namazu is a full-text search engine intended for easy use. It works not only as a CGI program for small or medium-scale WWW search engines, but also for personal use, such as a search system for a local HDD...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Web Server Uses Non Random Session IDs
The remote web server generates a session ID for each connection. A session ID is typically used to keep track of a user's actions while they visit a website. The remote server generates non-random session IDs. An attacker might use this flaw to guess the session IDs of other users and therefore...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Claroline: cross-site scripting...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CMS DataLife Engine - path information leakage...
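Belkin Wireless G Router Security Restriction Bypass and Denial of Service Vulnerabilities
BUGTRAQ ID: 28322,28319,28317 CVE(CAN) ID: CVE-2008-1242,CVE-2008-1244,CVE-2008-1245 Belkin Wireless G Router is a wireless router for home use. Multiple security vulnerabilities in the Belkin Wireless G Router may allow malicious users to bypass security restrictions or cause a denial of service. (1) An error in the authenticated session implementation allows a user to gain access to the router's control panel by creating a session from a previously authenticated IP address. (2) An error in the way permissions are enforced in cgi-bin/setupdns.exe allows a user to perform limited administrative actions by directly accessing the vulnerable script. (3)...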
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
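CUPS CGI Interface Remote Heap Overflow Vulnerability
BUGTRAQ ID: 28307 CVE(CAN) ID: CVE-2008-0047 Common Unix Printing System (CUPS) is a general-purpose Unix printing system, a cross-platform printing solution for Unix environments that is based on the Internet Printing Protocol and provides services for most PostScript and raster printers. A heap buffer overflow vulnerability exists in the CUPS CGI interface when it handles malformed user requests; a remote attacker may exploit this vulnerability to take control of the server. CUPS listens for requests on TCP port 631, and this interface allows access to some CGI applications used to administer CUPS and provide print job information. If a remote attacker submits a malicious request to this port, a heap overflow may be triggered, leading to arbitrary code execution...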