2 matches found
CVE-2013-3506
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes SSI functionality...
CVE-2013-3506
GroundWork Monitor Enterprise 6.7.0 (Performance component: perfchart.cgi) is vulnerable to remote command execution via Server Side Includes (SSI). The flaw stems from not properly restricting XML content, allowing an attacker to craft a .shtml file and leverage SSI to run arbitrary commands. No...