9 matches found

RedHat Linux
added 2025/06/09 3:23 p.m. | 3 views

perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00758
Exploits: 1 | References: 10
Github Security Blog
added 2023/09/14 4:16 p.m. | 41 views

Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

CVSS: 3.5 | AI score: 6.9 | EPSS: 0.01383
Exploits: 1 | References: 8 | Affected Software: 4
OSV
added 2020/09/02 5:15 p.m. | 4 views

AZL-79064 CVE-2020-24553 affecting package golang 1.25.7-1

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.0015
Exploits: 2 | References: 1
Kitploit
added 2020/01/16 11:30 a.m. | 69 views

LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol

LOLBITS is a C# reverse shell that uses Microsoft's Background Intelligent Transfer Service (BITS) to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless flask web application and it's only accessible when the HTTP requests receive...

AI score: 8.2
Exploits: 0 | References: 5
OpenVAS
added 2015/09/08 12:00 a.m. | 16 views

Amazon Linux: Security Advisory (ALAS-2011-5)

The remote host is missing an update for the...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00261
Exploits: 1 | References: 2
OSV
added 2015/02/19 3:59 p.m. | 0 views

UBUNTU-CVE-2012-6687

FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections...

CVSS: 5 | AI score: 5.8 | EPSS: 0.2551
Exploits: 0 | References: 2
Amazon
added 2011/10/10 12:00 a.m. | 27 views

Medium: perl-FCGI

Issue Overview: The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. Affected Packages: perl-FCGI Issu...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00261
Exploits: 1
CVE
added 2011/09/23 10:00 a.m. | 63 views

CVE-2011-2766

CVE-2011-2766 affects the Perl FastCGI module (FCGI) versions 0.70–0.73 used with CGI::Fast. The root cause is that environment variable values from one request can bleed into processing of a subsequent request, enabling remote attackers to bypass authentication by crafting HTTP headers. The issu...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00261
Exploits: 1 | References: 11 | Affected Software: 1
Positive Technologies
added 2010/09/15 12:00 a.m. | 1 view

PT-2010-4249

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services (IIS) version 7.5. Description: A buffer overflow issue exists in Microsoft Internet Information Services (IIS) 7.5 when FastCGI is enabled. This allows remote attackers to execute arbitrary code via crafted...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.08077
Exploits: 1 | References: 4