9786 matches found
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0729-01 Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0729 Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
FreeBSD : ruby -- cgi.rb library Denial of Service (ab8dbe98-6be4-11db-ae91-0012f06707f0)
Official ruby site reports : A vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and a...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory OpenPKG GmbH http://openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.030 2006-11-04 Package: ruby Vulnerability: denial of service OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: E1.0-SOLI...
Apache CGI脚本源码信息泄露漏洞
Apache是一款开放源代码WEB服务程序。 Apache的modalias模块在支持区分大小写目录名的文件系统上处理区分大小写的别名指令参数时存在规范化错误。如果攻击者访问有大写的目录名(如CGI-BIN)的URL的话,就可以在ScriptAlias指令引用了文档根目录中目录的某些非默认配置中泄漏cgi-bin目录中应用程序的源码。 有漏洞配置示例: DocumentRoot "path/docroot/" ScriptAlias /cgi-bin/ "/path/docroot/cgi-bin" Apache Group Apache 2.2.2 for Windows 临时解决方法...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
USN-371-1: Ruby vulnerability
An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
CVE-2006-5607
The CVE-2006-5607 entry describes a directory traversal vulnerability in INCA IM-204 exposed via /cgi-bin/webcm, where a crafted getpage parameter containing "/./." sequences allows remote attackers to read arbitrary files. The affected component is the getpage handler of /cgi-bin/webcm. The publ...
Yukihiro Matsumoto Ruby CGI模块畸形MIME数据拒绝服务漏洞
Ruby是动态、开放源码的编程语言。 Ruby CGI模块在处理畸形用户请求时存在漏洞,远程攻击者可能利用此漏洞对服务器执行拒绝服务攻击。 如果攻击者所提交HTTP请求的多部分MIME中包含有无效的边界指示符,就可能在Ruby的CGI库中触发死循环,导致耗尽CUP资源。 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 MandrakeSoft Corporate Server 3.0 x8664 MandrakeSoft Corporate Server 3.0 MandrakeSoft...
Resource Management Errors
Overview Affected versions of this package are vulnerable to Resource Management Errors. The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary...