9786 matches found
WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution
The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the 'class' variable to various sources before using it to run commands. By leveraging this flaw, an attacker may ...
Windows Apache information leak
It is possible to retrieve a file from the CGI-BIN directory by typing the directory name in uppercase: http://127.0.0.1/CGI-BIN/chat.pl...
CubeCart < 3.0.4 Multiple Script XSS
The remote version of CubeCart contains several cross-site scripting vulnerabilities due to its failure to properly sanitize user-supplied input of certain variables to the 'index.php' and 'cart.php' scripts. Josh Zlatin-Amishav. This script is released under the GNU GPLv2...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...
HP-UX PHSS_33783 : s700_800 11.X OV NNM7.50 CGI PA RISC Intermediate Patch
s700_800 11.X OV NNM7.50 CGI PA RISC Intermediate Patch : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely by an unauthorized user to gain privileged access. References: Portcullis Security Advisory 05-01...
HP-UX PHSS_33784 : s700_800 11.23 OV NNM7.50 CGI IA-64 Intermediate Patch
s700_800 11.23 OV NNM7.50 CGI IA-64 Intermediate Patch : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely by an unauthorized user to gain privileged access. References: Portcullis Security Advisory 05-014...
CVE-2005-3094
Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter...
CVE-2005-3094
CVE-2005-3094 concerns a vulnerable Avi Alkalay man-cgi script that allows remote attackers to execute arbitrary code through shell metacharacters in the topic parameter. The NVD entry rates this as HIGH (CVSS v2 base 7.5) with a network attack vector, low complexity, and no authentication requir...
Alkalay.Net Multiple Scripts Arbitrary Command Execution
The remote host appears to be running at least one CGI script written by Avi Alkalay that allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server user id. (C) Tenable Network Security, Inc...
phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability
The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. This version is prone to an unspecified flaw related to its addressbook. (C) Tenable Network Security, Inc...
TWiki 'rev' Parameter Arbitrary Command Execution
The version of TWiki running on the remote host allows an attacker to manipulate input to the 'rev' parameter in order to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id. (C) Tenable Network Security, Inc...
Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[EXPL] Man2web CGI Command Execution
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
aMember Pro 2.3.X - Remote File Include Vulnerability
NewAngels Advisory 2: aMember Pro 2.3.X - Remote File Include Vulnerability. Software: aMember Pro 2.3.4; Type: Remote PHP File Include Vulnerability; Risk: High; Date:...
CVE-2005-2849
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the...
[NewAngels Advisory] aMember Pro 2.3.X - Remote File Include Vulnerability
NewAngels Advisory 2: aMember Pro 2.3.X - Remote File Include Vulnerability. Software: aMember Pro 2.3.4; Type: Remote PHP File Include Vulnerability; Risk: High; Date: Aug. 16 2005; Vendor: CGI Central; Credit:...
man2web Multiple Scripts Arbitrary Command Execution
The remote host appears to be running man2web, a program for dynamically converting unix man pages to HTML. The installed version of man2web allows attackers to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id. (C) Tenable...
Become the top hacker necessary Software-bug warning-the black bar safety net
CGI Backdoor: the cgi web backdoors cgi web page back door, envymask write... the Page combiner of the present program can automatically generate web pages, you can put web pages and EXE the synthesis of a new web page, open the page and automatically run the EXE file. You will Trojans incorporat...
2005.1.txt
ID: 2005.1; Product: Barracuda Spam Firewall Appliance; Vendor: Barracuda networks; Affected product: firmware; Published date: 01/09/2005; Initial Vendor contact: 2005-06-14; CVE: CVE-MAP-NOMATCH; Solution: Install Firmware 3.1.18; Reference URL:...