9791 matches found
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Alcatel-Lucent OmniPCX Remote Command Execution
Advisory: Alcatel-Lucent OmniPCX Remote Command Execution. RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPCX integrated communication solution web interface is vulnerable to a remote command...
CVE-2007-4927
CVE-2007-4927 describes a vulnerability in the AXIS 207W camera where remote authenticated users can trigger a denial of service (reboot) by issuing many requests with unique buffer names in the buffername parameter in a start action of axis-cgi/buffer/command.cgi. The connected records corrob...
rt-sa-2007-001.txt
Advisory: Alcatel-Lucent OmniPCX Remote Command Execution. RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPCX integrated communication solution web interface is vulnerable to a remote command...
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
Exploit for hardware platform in category dos / poc. Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC. #!/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
CVE-2007-4727
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
CVE-2007-4822
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Trend Micro OfficeScan Remote Stack Buffer Overflow
This module exploits a stack buffer overflow in Trend Micro OfficeScan cgiChkMasterPwd.exe running with SYSTEM privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasm' class MetasploitModule 'Trend...
[SECURITY] Fedora 7 Update: snort-2.7.0.1-3.fc7
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows,...
JVN#75899905 Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to view CGI source code in the server as it does not properly handle a specially crafted HTTP request. Impact: An attacker may be able to view CGI source co...
CVE-2007-4713
Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters...
Joomla! CMS com_search Component 'searchword' Parameter RCE
The version of Joomla! running on the remote host is affected by a remote code execution vulnerability within the com_search/views/search/tmpl/default_results.php script due to improper sanitization of user-supplied input to the 'searchword' parameter before passing it to the eval function. An...
Directory traversal
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi...
CVE-2007-4655
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi...
CVE-2007-4655
The CVE-2007-4655 entry describes a directory traversal vulnerability in CGI RESCUE Shopping Basket Professional (Shopping Basket Pro) with versions 7.51 and earlier. The flaw allows remote attackers to enumerate or read arbitrary files and directories via traversal sequences in unspecified param...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
JVN#43091983 Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Apply the latest updates provided by the vendor. Products Affected: Ver 1.1.0 and...