Debian DSA-1513-1 : lighttpd - information disclosure

It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory Traversal Vulnerability

No description provided by source. ------------------------------------------------------------------------------------ Digital Security Research Group DSecRG Advisory DSECRG-08-018...

[SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure

------------------------------------------------------------------------ Debian Security Advisory DSA-1513-1 [email protected] http://www.debian.org/security/ Steve Kemp March 06, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

[SECURITY] Fedora 8 Update: lighttpd-1.4.18-6.fc8

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

[SECURITY] Fedora 7 Update: lighttpd-1.4.18-3.fc7

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

php5. 2. 3 remote CGI buffer overflow vulnerability-vulnerability warning-the black bar safety net

yuange Affected versions: php5. 2. 3 Does not affect the version: other version php5. 2. 3 in processing the CGI of the time, due to a programming error, missing parentheses, and wrong calculation of string length, resulting in a heap buffer overflow and possible remote execution of arbitrary cod...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Board: crossite scripting with flash files...

lighttpd: Multiple vulnerabilities

Background lighttpd is a lightweight high-performance web server. Description lighttpd contains a calculation error when allocating the global file descriptor array CVE-2008-0983. Furthermore, it sends the source of a CGI script instead of returning a 500 error Internal Server Error when the fork...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Information disclosure

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Trend Micro OfficeScan Policy Server CGI buffer overflow

Added: 03/03/2008 CVE: CVE-2008-1365 BID: 28020 OSVDB: 42500 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

Debian Security Advisory DSA 1508-1 (diatheke)

The remote host is missing an update to diatheke announced via advisory DSA 1508-1. OpenVAS Vulnerability Test $Id: deb15081.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1508-1 diatheke Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian: Security Advisory (DSA-1508-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-1054

NetWin SurgeMail 38k4 and earlier (including swatch.exe and surgemail.exe; webmail.exe and unspecified CGI executables) are affected by a stack-based buffer overflow in the _lib_spawn_user_getpid function. The overflow is triggered by an HTTP request with multiple long headers, causing an overflo...