310 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the 1 host parameter to stat/host.php, nodayshow parameter to 2 mostvisitpage.php and 3 visitorduration.php in stat/, 4 nopagesmost parameter to...
CVE-2009-4717
Multiple cross-site scripting XSS vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the 1 host parameter to stat/host.php, nodayshow parameter to 2 mostvisitpage.php and 3 visitorduration.php in stat/, 4 nopagesmost parameter to...
Buffer overflow
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205...
CVE-2008-4562
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205...
CVE-2008-4562
CVE-2008-4562 describes a buffer overflow in the HP OpenView Network Node Manager (OV NNM) ovlaunch CGI on Windows, enabling remote code execution via a crafted Host parameter in OV NNM versions 7.01, 7.51, and 7.53. Multiple connected sources (Red Hat advisories and HP patch notes in the Nessus ...
Sql injection
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...
PT-2005-5364 · Tellme · Tellme
Name of the Vulnerable Software and Affected Versions: TellMe versions 1.2 and earlier Description: The issue allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q Host parameter. Recommendations: For TellMe...
PT-2005-3450 · E107 · E107 Eping Plugin
Name of the Vulnerable Software and Affected Versions: e107 ePing plugin versions 1.02 and earlier Description: The issue allows remote attackers to execute arbitrary code or overwrite files. This can be achieved through shell metacharacters in the eping count parameter or restricted shell...
CVE-2005-1997
show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter...
PT-2002-1539 · Linux Directory Penguin · Linux Directory Penguin Traceroute.Pl Cgi Script
Name of the Vulnerable Software and Affected Versions: Linux Directory Penguin traceroute.pl CGI script version 1.0 Description: The issue allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter. This is a result of a flaw in the traceroute.pl CGI script...