9791 matches found

securityvulns
added 2008/03/19 12:0 a.m. | 31 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits 0 | References 3 | Affected Software 2

securityvulns
added 2008/03/18 12:0 a.m. | 37 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

4.3 CVSS | 1.5 AI score | 0.01465 EPSS
Exploits 2 | References 4 | Affected Software 4

UbuntuCve
added 2008/03/17 5:44 p.m. | 25 views

CVE-2008-1360

Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624...

4.3 CVSS | 6 AI score | 0.02469 EPSS
Exploits 0 | References 1

NVD
added 2008/03/17 5:44 p.m. | 21 views

CVE-2008-1360

Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624...

4.3 CVSS | 5.4 AI score | 0.02469 EPSS
Exploits 0 | References 7

Prion
added 2008/03/17 5:44 p.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624...

4.3 CVSS | 5.7 AI score | 0.02469 EPSS
Exploits 0 | References 7 | Affected Software 1

CVE
added 2008/03/17 5:0 p.m. | 67 views

CVE-2008-1360

Nagios2 CGI scripts before a fixed update are vulnerable to cross-site scripting (CVE-2007-5624, CVE-2007-5803, CVE-2008-1360). Exploitation is remote and relies on input sanitising gaps in the web interface, as detailed in Debian DSA-1883-1/DSA-1883-2 and OpenVAS entries. The issue is not limite...

4.3 CVSS | 5.4 AI score | 0.02469 EPSS
Exploits 0 | References 7 | Affected Software 1

securityvulns
added 2008/03/17 12:0 a.m. | 48 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Snewscms Rus 2.3: cross-site scripting...

7.5 CVSS | 1.6 AI score | 0.01954 EPSS
Exploits 2 | References 7 | Affected Software 6

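seebug.org
added 2008/03/15 12:0 a.m. | 47 views

Adobe ColdFusion multiple cross-site scripting and invalid logging vulnerabilities

BUGTRAQ ID: 28205,28207 CVE(CAN) ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203 ColdFusion MX is an efficient web application server development environment with high ease of use and development efficiency; it is based on standard Java technology and can integrate with XML, Web Services and Microsoft .NET environments. If a ColdFusion application's Application.cfm or Application.cfc contains the setEncoding function, a remote attacker can carry out cross-site scripting attacks by submitting malicious requests...

7.5 CVSS | 6.4 AI score | 0.15481 EPSS
Exploits 1
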
securityvulns
added 2008/03/14 12:0 a.m. | 29 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2008/03/13 6:0 p.m. | 19 views

CVE-2008-1334

cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE:...

6.7 AI score | 0.01675 EPSS
Exploits 1 | References 4

Packet Storm
added 2008/03/13 12:0 a.m. | 51 views

RecurityLabs_Cisco_ACS_UCP_advisory.txt

Recurity Labs GmbH http://www.recurity-labs.com [email protected] Date: 12.03.2008 Vendor: Cisco Systems Product: Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application Vulnerability: Multiple remote pre-authentication buffer overflows Cross Site...

10 CVSS | 6.4 AI score | 0.57136 EPSS
Exploits 9

securityvulns
added 2008/03/13 12:0 a.m. | 31 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

1.5 AI score
Exploits 0 | References 6 | Affected Software 3

FreeBSD
added 2008/03/12 12:0 a.m. | 42 views

awstats -- multiple XSS vulnerabilities

Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

6.3 AI score
Exploits 0 | References 2

securityvulns
added 2008/03/11 12:0 a.m. | 44 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.5 CVSS | 1.5 AI score | 0.05246 EPSS
Exploits 17 | References 5 | Affected Software 1

Prion
added 2008/03/10 5:44 p.m. | 14 views

Design/Logic Flaw

cgi-bin/setupvirtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header...

7.8 CVSS | 7.3 AI score | 0.03184 EPSS
Exploits 2 | References 5

Prion
added 2008/03/10 5:44 p.m. | 14 views

Authentication flaw

cgi-bin/setupdns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns11, dns12, dns13, and dns14 parameters. NOTE: it was later reported that...

10 CVSS | 7 AI score | 0.04896 EPSS
Exploits 2 | References 6

securityvulns
added 2008/03/10 12:0 a.m. | 39 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

5.1 CVSS | 1.5 AI score | 0.14787 EPSS
Exploits 1 | References 4 | Affected Software 3

securityvulns
added 2008/03/09 12:0 a.m. | 79 views

[SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure

Debian Security Advisory DSA-1513-1 [email protected] http://www.debian.org/security/ Steve Kemp March 06, 2008 http://www.debian.org/security/faq -...

5 CVSS | 0.1 AI score | 0.02017 EPSS
Exploits 1

securityvulns
added 2008/03/09 12:0 a.m. | 34 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Board: cross-site scripting with flash files...

1.9 AI score
Exploits 0 | References 6 | Affected Software 2

securityvulns
added 2008/03/09 12:0 a.m. | 40 views

lighttpd information leakage

It's possible to obtain CGI source code under some conditions...

5 CVSS | 0.8 AI score | 0.02017 EPSS
Exploits 1 | References 1 | Affected Software 1