[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
Debian Security Advisory DSA 537-1, http://www.debian.org/security/, Martin Schulze, August 16th, 2004, http://www.debian.org/security/faq ...
Ruby insecure file permissions in the CGI session management
According to a Debian Security Advisory: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...
DSA-537 ruby - insecure file permissions
Bulletin has no description...
CGI bugs
No description provided...
WackoWiki TextSearch phrase Parameter XSS
The remote host seems to be running the WackoWiki CGI suite. Based on the version information gathered by Nessus, this instance of WackoWiki may be vulnerable to a remote authentication attack. Exploitation of this vulnerability may allow for theft of cookie-based authentication credentials and...
GoScript go.cgi Arbitrary Command Execution
The remote host is running GoScript. The installed version fails to properly sanitize user-supplied input to the 'go.cgi' script. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host...
page.txt
Script affected: page.cgi - content/template merging CGI Author: Andrew Kilpatrick We can execute arbitrary commands with same id of the webserver: http://www.vulnerable.com/page.cgi?url=.html|id| Thanks : Infektion Group irc.phey.net -j infektion...
CGI bugs
No description provided...
RiSearch show.pl Open Proxy Relay
The remote host seems to be running RiSearch, a local search engine. There is a flaw in the CGI 'show.pl' which is bundled with this software that could allow an attacker to use the remote host as an open proxy by doing a request like :...
MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities
The sample CGI math_sum.mscgi is installed on the remote web server. The remote version of this CGI contains several issues which may allow an attacker to execute a cross-site scripting attack, to disable the remote server remotely or to execute arbitrary code with the privileges of the server...
Mandrake Linux Security Advisory : apache2 (MDKSA-2003:096-1)
A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write call in...
Mandrake Linux Security Advisory : perl-CGI (MDKSA-2003:084)
Eye on Security found a cross-site scripting vulnerability in the startform function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site...
Mandrake Linux Security Advisory : htdig (MDKSA-2001:083)
A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch that allows a remote user to pass the -c parameter, to use a specific config file, to the htsearch program when running as a CGI. A malicious user could point to a file like...
Mandrake Linux Security Advisory : apache (MDKSA-2003:103)
A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file .htaccess o...
CGI bugs
No description provided...
CGI bugs
No description provided...
CGI bugs
No description provided...
Open WebMail Detection
The remote host is running Open WebMail, a webmail package written in Perl that provides access to mail accounts via POP3 or IMAP. This script was written by George A. Theall. See the Nessus Scripts License for details...
CGI bugs
No description provided...