31 matches found
EUVD-2006-1699
Malware in sbrugna...
EUVD-2006-1698
Malware in sbrugna...
EUVD-1999-1032
Malware in sbrugna...
Matt Wright guestbook.pl Arbitrary Command Execution
No description provided by source. $Id: guestbookssiexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Matt Wright FormMail 1.6/1.7/1.8 Environmental Variables Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to...
The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)
$Id: guestbookssiexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Matt Wright guestbook.pl Arbitrary Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Matt Wright...
CVE-2009-1776
Multiple cross-site scripting XSS vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the 1 request and 2 returnlinkurl parameters...
CVE-2009-1776
CVE-2009-1776 affects Matt Wright FormMail’s FormMail.pl (FormMail 1.92 and possibly earlier). The vulnerability allows cross-site scripting via javascript: URIs in the (1) request and (2) return_link_url parameters, enabling remote attackers to inject arbitrary script/HTML in victims’ browsers. ...
CVE-2009-1777
CVE-2009-1777 : CRLF injection vulnerability in Matt Wright FormMail 1.92 (and possibly earlier) allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the redirect parameter. The vulnerability arises from insufficient input sanitization in FormMail.pl, e...
Matt Wright textcounter.pl远程执行命令漏洞
textcounter.pl是一个由Matt Wright编写的基于Web的记数器脚本,使用比较广泛。 某些早期版本的textcounter.pl脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以httpd进程的权限在主机上执行任意系统命令。 问题在于程序脚本没有过滤用户输入中包含的一些特殊字符,远程攻击者可以向$DOCUMENTURI环境变量注入指定的值,脚本在处理的时候就会以Web守护程序的权限(root或nobody)在主机上执行攻击者指定的任意命令。 1.2 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:...
WWWBoard覆盖任意消息漏洞
BugCVE: CVE-1999-0930 BUGTRAQ: 1795 wwwboard.pl是Matt Wright写的一个perl脚本,用来处理web留言板。wwwboard.pl脚本存在一个问题,在用户使用form method=POST提交时没有检查其提交内容。input type=hidden name= followup value=栏的 followup 是相关的前一个消息,如果恶意用户修改了 followup 的值将导致以前存在的留言被覆盖。 2.0 Alpha 2 Matt Wright -----------...
WWWBoard远程管理口令泄露漏洞
BugCVE: CVE-1999-0954 BUGTRAQ: 649 wwwboard.pl是Matt Wright写的一个PERL脚本,用来处理Web留言板。默认安装的WWWBoard存在漏洞,远程攻击者可以窃取WWWBoard管理用户的加密口令。默认WWWBoard的管理用户名是 WebAdmin ,口令是 WebBoard 。 WWWBoard的口令文件 passwd.txt 默认存放在Web根目录下,即使WWWBoard的管理员修改了口令,远程攻击者也可以在下载离线后暴力破解口令文件。 2.0 Alpha 2 临时解决方法:...
MattWrighttextcounter.pl远程执行命令漏洞
textcounter.pl是一个由Matt Wright编写的基于Web的记数器脚本,使用比较广泛。 某些早期版本的textcounter.pl脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以httpd进程的权限在主机上执行任意系统命令。问题在于程序脚本没有过滤用户输入中包含的一些特殊字符,远程攻击者可以向$DOCUMENTURI环境变量注入指定的值,脚本在处理的时候就会以Web守护程序的权限(root或nobody)在主机上执行攻击者指定的任意命令。 Matt Wright TextCounter1.2...
Cross site scripting
Cross-site scripting XSS vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the 1 url, 2 city, 3 state, or 4 country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Cross site scripting
Cross-site scripting XSS vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the 1 Your Name, 2 E-Mail, or 3 Comments fields when posting a message...
CVE-2006-1698
Cross-site scripting XSS vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the 1 url, 2 city, 3 state, or 4 country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2006-1697
Cross-site scripting XSS vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the 1 Your Name, 2 E-Mail, or 3 Comments fields when posting a message...
CVE-2006-1697
CVE-2006-1697 describes a cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1. The issue allows remote attackers to execute arbitrary web script or HTML through the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message. The connected documents confirm the vu...
CVE-2006-1698
CVE-2006-1698 describes a cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1. According to the provided sources, remote attackers can trigger script/HTML execution through the input parameters (url, city, state, or country). The vulnerability is documented across multiple fee...