9786 matches found
Debian DSA-537-1 : ruby - insecure file permissions
Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore, but not in Debian woody implementations store session information insecurely. They simply create files, ignoring permission issues. This c...
Debian DSA-181-1 : libapache-mod-ssl - XSS
Joe Orton discovered a cross site scripting problem in modssl, an Apache module that adds Strong cryptography i.e. HTTPS support to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only...
Debian DSA-033-1 : analog - buffer overflow
The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form...
CGI bugs
No description provided...
[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200409-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
Ruby symbolic links problem
CGI::Session unsecurely creates temporary file...
GLSA-200409-08 : Ruby: CGI::Session creates files insecurely
The remote host is affected by the vulnerability described in GLSA-200409-08 Ruby: CGI::Session creates files insecurely The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Session instance to be written to a file, writes t...
CGI bugs
No description provided...
Ruby: CGI::Session creates files insecurely
Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...
CVE-2002-1361
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP Security Hardening Patch installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter...
CVE-2002-1361
CVE-2002-1361 affects Sun Cobalt RaQ4 with the Security Hardening Patch (SHP) installed. The overflow.cgi CGI script did not properly filter input, allowing a POST to set the email parameter to shell metacharacters and enabling remote code execution with superuser privileges. Public sources descr...
CVE-2002-1156
CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...
CVE-2003-0097
The CVE-2003-0097 entry concerns PHP 4.3.0’s CGI module, where a flaw in force redirect handling (cgi.force_redirect or --enable-force-cgi-redirect) can allow an attacker to access arbitrary files as the PHP user and potentially execute PHP code. Public sources describe this as a by-design bypass...
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
CVE-2002-1147
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the devicereset...
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...
CVE-2003-0097
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings cgi.forceredirect or --enable-force-cgi-redirect...
CVE-1999-1189
The CVE-1999-1189 issue affects Netscape Navigator/Communicator 4.7 on Windows 95/98. A buffer overflow can be triggered by a long argument after the ? in a URL referencing .asp, .cgi, .html, or .pl, allowing remote denial of service and potentially arbitrary command execution. No remediation det...
CGI bugs
No description provided...
PHP < 4.3.1 CGI Module File Access
Binary data 1477.prm...