9791 matches found
CVE-2008-1054
NetWin SurgeMail 38k4 and earlier (including swatch.exe and surgemail.exe; webmail.exe and unspecified CGI executables) are affected by a stack-based buffer overflow in the _lib_spawn_user_getpid function. The overflow is triggered by an HTTP request with multiple long headers, causing an overflo...
SurgeMail Page命令远程格式串处理漏洞
BUGTRAQ ID: 27990 SurgeMail是下一代的邮件服务器,可运行在Windows NT/2K或UNIX平台上,支持所有的标准IMAP、POP3、SMTP、SSL和ESMTP协议。 SurgeMail中用于处理webmail接口(webmail.exe)的CGI存在安全漏洞,远程攻击者可能利用此漏洞控制服务器。 CGI中用于在请求错误页面时构建错误消息的函数未经验证格式参数便直接将其传送给了lvprintf: "TPL: Failed to Locate Template c:\surgemail\webmail\panel%s%s%s%s%s%s.tpl2=No suc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
SurgeMail CGI可执行程序远程溢出漏洞
BUGTRAQ ID: 27992 SurgeMail是下一代的邮件服务器,可运行在Windows NT/2K或UNIX平台上,支持所有的标准IMAP、POP3、SMTP、SSL和ESMTP协议。 SurgeMail中用于处理CGI可执行程序的函数中存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。...
[SECURITY] [DSA 1508-1] New diatheke packages fix arbirary shell command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1508-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 25, 2008 http://www.debian.org/security/faq -...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Debian DSA-1508-1 : diatheke - insufficient input sanitising
Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...
DSA-1508-1 sword - arbirary shell command execution
Bulletin has no description...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Scuttle: multiple XSS...
php5.2.3远程CGI缓冲溢出漏洞
php5.2.3在处理CGI的时候,由于一编程错误(缺少括号),错误计算一字符串长度,导致堆缓冲溢出,可能远程执行任意代码。 触发方式:配置.php到php.exe的CGI映射,请求GET /test.php/aa HTTP/1.1 错误发生在php-5.2.3\sapi\cgi\cgi-man.c line 886: int pathtranslatedlen = ptlen + envpathinfo ? strlenenvpathinfo : 0; 程序应该是 int pathtranslatedlen = ptlen + envpathinfo ? strlenenvpathin...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Ultraseek: Cross-Site Scripting, Directory Traversal и Local File Inclusion уязвимостях, Verity Ultraseek...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
CVE-2008-0717
Cross-site scripting XSS vulnerability in Caching Proxy CP 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response...
CVE-2008-0717
CVE-2008-0717 affects IBM WebSphere Edge Server’s Caching Proxy (CP) 5.1–6.1. When CGI mapping rules are enabled, it enables cross-site scripting by injecting arbitrary script/HTML that is reflected in an error response. The NVD entry lists a NETWORK attack vector with MEDIUM complexity, requirin...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting, information leakage...
F5 BIG-IP Web Management Interface Version
An F5 BIG-IP web management interface is running on this port, and Nessus has determined its software version. Note. HTTP credentials are required to retrieve version information. TRUSTED...