6 matches found
SuSE 6.3/6.4/7.0 sdb Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field from a HTTP request as a path when...
sdbsearch.cgi
The SuSE cgi SPDX-FileCopyrightText: 2008 Renaud Deraison Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.80084");...
CVE-2001-1130
The CVE-2001-1130 issue involves SuSE Linux versions 6.0–7.2 using the sdbsearch.cgi CGI. The vulnerability allows remote command execution by uploading a keylist.txt containing filenames with shell metacharacters and then triggering a search that uses the HTTP_REFERER to access the directory hol...
Problems with susehelp in SuSE (directory traversal)
sdbsearch.cgi uses the Referer: field of the client request, which may contain a reverse path...
suse: sdbsearch.cgi vulnerability
Hello, I found a weakness in the sdbsearch.cgi script, which is a part of the SuSE distribution. This is a Perl script, and since SuSE 7.1 they have introduced some form of protection: the interpreter is called with taint checking. However, I think it isn't enough and this bug still may produce danger...
SuSE 6.3/6.4/7.0 sdb - Arbitrary Command Execution
SuSE 6.3/6.4/7.0 sdb - Arbitrary Command Execution source: https://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field from a HTTP request as...