9786 matches found
CVE-2004-0983
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request...
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities
SIG^2 Vulnerability Research Advisory: RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities, by Tan Chew Keong. Release Date: 01 Mar 2005. Advisory URL: http://www.security.org.sg/vuln/raidenhttpd1132.html. Summary: RaidenHTTPD Server (http://www.raidenhttpd.com/en/index.html) is a...
CERN httpd CGI Name Handling Remote Overflow
The remote web server stopped responding after it was sent a GET request for a CGI script with an arbitrarily long file name. This is known to trigger a heap overflow in some servers like CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on t...
PHP/ASP/CGI web applications security bugs
PHP inclusions, SQL injections, directory traversals, cross-site scripting, spam sending, etc...
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure. Source: https://www.securityfocus.com/bid/12723/info Multiple browsers are reported prone to an information disclosure weakness. This issue can allow an attacker to determine information such as the location of files, file names a...
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure
source: https://www.securityfocus.com/bid/12723/info Multiple browsers are reported prone to an information disclosure weakness. This issue can allow an attacker to determine information such as the location of files, file names and user names on a vulnerable computer. Information gathered throug...
lighttpd script source code leak
It's possible to retrieve CGI script source code...
HP-UX PHSS_29541 : HPSBUX0310-285 SSRT3642 Potential Security Vulnerabilities Apache web server HP-UX VVOS and Webproxy.
s700800 11.04 Virtualvault 4.5 IWS Update : 1. Potential Apache web server crash when it goes into an infinite loop due to too many subsequent internal redirects and nested subrequests. VU379828 2. No de-allocation of file descriptors while servicing CGI scripts through child processes...
lighttpd < 1.3.8 Null Byte Request CGI Script Source Code Disclosure
According to its banner, the version of lighttpd running on the remote host is prior to 1.3.8. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this vulnerability, by requesting a CGI script that is appended by a '%00', to read...
GLSA-200502-21 : lighttpd: Script source disclosure
The remote host is affected by the vulnerability described in GLSA-200502-21 (lighttpd: Script source disclosure). lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent as-is. By appending %00 to the filename, yo...
HP-UX PHSS_28705 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)
s700800 11.X OV NNM6.2 Intermediate Patch, Feb 2003 : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. CERT VU825353, CVE CAN-2002-0839. Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. CERT VU240329...
Lighttpd < 1.3.8 CGI Source Disclosure
Binary data 2624.prm...
lighttpd: Script source disclosure
Background: lighttpd is a small-footprint, fast, compliant and very flexible web-server which is optimized for high-performance environments. Description: lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent...
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ... traffic. The remote version of this software is prone to a command execution flaw as well as an information disclosure vulnerability. An attacker may exploit this feature to obtain more information...
GLSA-200501-36 : AWStats: Remote code execution
The remote host is affected by the vulnerability described in GLSA-200501-36 (AWStats: Remote code execution). When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin...
CVE-2004-1442
CVE-2004-1442 describes a cross-site scripting (XSS) vulnerability in the db2www CGI interpreter of IBM Net.Data 7 and 7.2. The issue allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is mishandled in error messages such as DTWP001E. The provided sources i...
PHP/ASP/CGI web applications security bugs
PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc...
lighttpd -- script source disclosure vulnerability
The lighttpd website reports: In lighttpd 1.3.7 and below it is possible to fetch the source files which should be handled by CGI or FastCGI applications. The vulnerability is in the handling of urlencoded trailing NUL bytes. Installations that do not use CGI or FastCGI are not affected...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the privileges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...