33 matches found
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11
phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 Author: Maksymilian Arciemowicz cXIb8O3 Date: 22.3.2005 from SECURITYREASON.COM TEAM --- 0.Description --- PHPSysInfo 2.3 is a customizable PHP Script that parses /proc, and formats information...
PAFileDB 3.1 - Error Message Full Path Disclosure
source: https://www.securityfocus.com/bid/11817/info paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message...
Hosting Controller Multiple Script Arbitrary Directory Browsing
Binary data 1693.prm...
imp3 -- XSS hole in the HTML viewer
The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer...
Cross-site scripting vulnerability in SARA v<=4.2.7
XSS Vulnerability in Security Auditor's Research Assistant SARA versions before 5.0.0 Affects: SARA versions 4.2.6 and 4.2.7. Older versions not tested, presumably affected. Related software sharing common ancestry: SATAN 1.1.1 would not run properly on my test platform, but checking the code it...
CVE-2002-1536
Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl...
WebWho+ whois.pl time Parameter Arbitrary Command Execution
The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id.
Matlab /tmp usage
INTRODUCTION: MATLAB is "The Language of Technical Computing" (http://www.mathworks.com/). PROBLEM: As installed on UNIX machines, matlab uses shell scripts to launch; these scripts use files in /tmp in an unsafe way. DETAILS: The matlab script uses /tmp/$$a and may clobber it, allowing an attacker to...
vqServer 1.9.x - CGI Demo Program Script Injection
source: https://www.securityfocus.com/bid/4573/info vqServer is an HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows. Reportedly, numerous default CGI scripts included with vqServer suffer from script injection issues,...
FreeBSD-SA-00:73.thttpd
FreeBSD-SA-00:73 Security Advisory FreeBSD, Inc. Topic: thttpd allows remote reading of local files Category: ports Module: thttpd Announced: 2000-11-20 Credits: [email protected]...
NCSA HTTPd nph-test-cgi Arbitrary Directory Listing
The remote web server contains the 'nph-test-cgi' test script, which is included by default with some web servers. The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERY_STRING', before echoing it back as part of a shell script. An...
Multiple Vendor test-cgi Arbitrary File Access
The remote web server contains the 'test-cgi' test script, which is included by default with some web servers. The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERY_STRING', before echoing it back as part of a shell script. An...