5 matches found
CVE-2008-7249
Buffer overflow in Squid Analysis Report Generator Sarg 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...
Stack overflow
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator Sarg 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...
CVE-2008-1168
Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...
CVE-2008-1167
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator Sarg 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...
CVE-2008-1168
Cross-site scripting (XSS) in Squid Analysis Report Generator (Sarg) affects multiple 2.2.x releases (notably 2.2.4; earlier 2.2.3.1) via the User-Agent header when rendering the Squid proxy log. Root cause: an improper handling of User-Agent data leads to script/HTML injection. Impact: remote at...