484 matches found
CVE-2004-1014
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated...
USN-20-1: Ruby CGI module vulnerability
The Ruby developers discovered a potential Denial of Service vulnerability in the CGI module cgi.rb. Specially crafted CGI requests could cause an infinite loop in the server process. Repetitive attacks could use most of the available processor resources, exhaust the number of allowed parallel...
PHPLinks 2.1.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/11329/info PHPLinks is reported prone to multiple input validation vulnerabilities. A file include vulnerability is reported to affect the 'index.php' script. This may allow an attacker to include and execute arbitrary PHP scripts. Code execution will occ...
MathoPD 1.x - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/9871/info It has been reported that Mathopd is prone to a remote buffer overflow vulnerability. The issue arises due to a failure to check the bounds of a buffer storing user-supplied input. It may be possible for...
Novell NetWare Enterprise Web Server /perl/ handler vulnerable to buffer overflow
Overview Novell NetWare Enterprise Web Server contains a buffer overflow vulnerability that can be exploited via the /perl/ HTTP request handler. A remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the server process. Description Novell...
WebCalendar 0.9.x - Local File Inclusion Information Disclosure
source: https://www.securityfocus.com/bid/8237/info It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process...
[SECURITY] [DSA-346-1] New phpsysinfo packages fix directory traversal
Debian Security Advisory DSA 346-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 8th, 2003 http://www.debian.org/security/faq -...
MNOGoSearch 3.1.20 - 'search.cgi?UL' Remote Buffer Overflow (1)
source: https://www.securityfocus.com/bid/7865/info mnoGoSearch 'search.cgi' has been reported prone to a buffer overflow vulnerability. The issue is a result of a lack of sufficient bounds checking performed on user-supplied URI parameters that are passed to the 'search.cgi' application. It may ...
MNOGoSearch 3.1.20 - 'search.cgi?UL' Remote Buffer Overflow (2)
source: https://www.securityfocus.com/bid/7865/info mnoGoSearch 'search.cgi' has been reported prone to a buffer overflow vulnerability. The issue is a result of a lack of sufficient bounds checking performed on user-supplied URI parameters that are passed to the 'search.cgi' application. It may ...
GoAhead Web Server 2.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5464/info GoAhead WebServer is an Open Source embedded web server which supports Active Server Pages, embedded javascript, and SSL authentication and encryption. It is available for a variety of platfor...
GoAhead Web Server 2.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5464/info GoAhead WebServer is an Open Source embedded web server which supports Active Server Pages, embedded javascript, and SSL authentication and encryption. It is available for a variety of platforms including Microsoft Windows and Linux variant...
iPlanet vulnerabilities on IRIX
SGI Security Advisory Title: iPlanet vulnerabilities Number: 20020803-01-P Date: August 1, 2002 Reference: CERT® Vulnerability Note 276767 Reference: CAN-2001-0327 Issue Specifics: Multiple...
Lumigent Log Explorer 3.0.1 - XP_LogAttach_SetPort Buffer Overflow
source: https://www.securityfocus.com/bid/5017/info A buffer overflow vulnerability in xplogattach.dll has been reported for Lumigent Log Explorer. Specifically, this affects the xplogattachsetport stored procedure. If this conditio...
Lumigent Log Explorer XP - _LogAttach_StartProf Buffer Overflow
source: https://www.securityfocus.com/bid/5016/info A buffer overflow vulnerability in xplogattach.dll has been reported for Lumigent Log Explorer. Specifically, this affects the xplogattachStartProf stored procedure. If this condition is successfully exploited, it is possible for locations in...
Hosting Controller 1.x - Browse.asp File Disclosure
source: https://www.securityfocus.com/bid/4778/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The 'browse.asp' script is prone to...
Hosting Controller 1.x - 'Browse.asp' File Disclosure
source: https://www.securityfocus.com/bid/4778/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The 'browse.asp' script is prone to an issue which may allow a remote attacker to view...
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
eSO Security Advisory: 2408 Discovery Date: April 3, 2000 ID: eSO:2408 Title: CIDER SHADOW CGI arbitrary command execution vulnerabilities Impact: Remote attackers can execute commands with the privileges of the running web server process Affected Technology: CIDER SHADOW 1.5, 1.6 Vendor Status:...
cgiemail web-based email system does not adequately validate user input thereby causing buffer overflow in cgicso.c
Overview There exists a buffer overflow vulnerability in cgiemail that allows execution of arbitrary code. Description cgiemail is a CGI program maintained that composes data submitted on Web forms into email messages. The cgicso.c component of the web-based email system cgiemail contains a buffe...
DEBIAN-CVE-2001-1534
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication...
WebSphere application server plugin issue & vendor fix
I've had the opportunity to work with IBM WebSphere application server for a few months now and, in the course of playing around with some buffer overrun testing, a potential issue came up. WebSphere uses the HTTP Host: header to decide which WAS Virtual Host will service a particular request...