1115 matches found
[SECURITY] Fedora 18 Update: perl-CGI-3.51-10.fc18
CGI.pm is a stable, complete and mature solution for processing and prepari ng HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string genera tion and manipulation, and processing and preparing HTTP headers. Some...
Cross site scripting
Cross-site scripting XSS vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page...
CVE-2012-4242
Cross-site scripting XSS vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page...
CVE-2012-4242
MF Gig Calendar 0.9.2 (WordPress) is affected by CVE-2012-4242, a cross-site scripting (XSS) vulnerability. The root cause is insufficient sanitisation of a generic parameter in the calendar page query string, enabling remote attackers to inject arbitrary script/HTML. Impact described in the sour...
PT-2012-5271 · Mf · Mf Gig Calendar Plugin
Name of the Vulnerable Software and Affected Versions: MF Gig Calendar plugin version 0.9.2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page, which is a cross-site scripting XSS vulnerability. This enables attackers to...
CVE-2012-3848
Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to d4d/exporters.php, 2 the HTTP Referer header to d4d/exporters.php, or 3...
CVE-2012-2955
Multiple cross-site scripting XSS vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string...
php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...
php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...
PHP 5.3.x < 5.3.13 CGI Query String Code Execution
Binary data 801100.prm...
PHP CGI Query String Parameters Command Execution
Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...
PHP CGI Query String Parameters Command Execution
Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...
PHP CGI Query String Parameters Command Execution
Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...
PHP PHP-CGI Query String Parameter Injection Arbitrary Code Execution
The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc. %NASLMINLEVEL 70300 ...
php: command line arguments injection when run in CGI mode (VU#520827)
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
Critical: Red Hat Security Advisory: php security update
Updated php packages that fix one security issue are now available for Red Hat Application Stack v2. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2012-1823
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
CVE-2012-2335
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with a +...