Lucene search

3355 matches found

RedHat Linux
added 2012/05/10 3:29 p.m. | 4 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.99998
Exploits: 41 | References: 5

RedHat Linux
added 2012/05/10 3:17 p.m. | 8 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.99998
Exploits: 41 | References: 5

Fedora
added 2012/05/03 7:28 a.m. | 34 views

[SECURITY] Fedora 15 Update: python3-3.2.3-1.fc15

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

CVSS: 5 | AI score: 3.6 | EPSS: 0.73327
Exploits: 9

UbuntuCve
added 2012/05/03 12:0 a.m. | 73 views

CVE-2012-1823

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.99998
Exploits: 41 | References: 4

Prion
added 2012/04/27 8:55 p.m. | 14 views

Design/Logic Flaw

Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inboundproxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.01234
Exploits: 0 | References: 5 | Affected Software: 1

Packet Storm
added 2012/03/30 12:0 a.m. | 32 views

Intuit Help System Heap Corruption / Memory Leak

Intuit Help System Protocol URL Heap Corruption and Memory Leak Derek Soeder [email protected] Reported to [email protected] on March 15, 2012; vendor did not respond. Reported to CERT on March 22, 2012; vendor did not respond. Responsible disclosure failed with error code 10060. Published:...

Exploits: 0

Prion
added 2012/03/15 6:55 p.m. | 14 views

Directory traversal

Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings...

CVSS: 6.4 | AI score: 7.1 | EPSS: 0.0227
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2012/03/15 6:0 p.m. | 127 views

CVE-2012-0232

CVE-2012-0232 concerns GE Proficy Real-Time Information Portal. A directory traversal vulnerability exists in the Remote Interface Service (rifsrvd.exe) listening on TCP 5159, where two input strings used to create a configuration file are not sufficiently validated. Remote, unauthenticated attac...

CVSS: 6.4 | AI score: 6.7 | EPSS: 0.0227
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2012/02/06 6:17 p.m. | 2 views

Condor: Multiple format string flaws

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service condorschedd daemon and failure to launch jobs and possibly execute arbitrary code via...

CVSS: 4.4 | AI score: 6.1 | EPSS: 0.00586
Exploits: 0 | References: 5

Prion
added 2012/02/03 8:55 p.m. | 18 views

Stack overflow

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled,...

CVSS: 9.3 | AI score: 8.7 | EPSS: 0.14013
Exploits: 0 | References: 8 | Affected Software: 3

Cvelist
added 2012/02/03 8:0 p.m. | 25 views

CVE-2011-4875

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled,...

AI score: 7.9 | EPSS: 0.14013
Exploits: 0 | References: 8

Prion
added 2012/01/27 3:55 p.m. | 7 views

Double free

Double free vulnerability in the prepareexec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file...

CVSS: 7.5 | AI score: 8 | EPSS: 0.02164
Exploits: 0 | References: 6 | Affected Software: 2

Check Point Advisories
added 2011/12/20 12:0 a.m. | 3 views

Microsoft Forefront UAG Default Reflected Cross-site Scripting (MS11-079; CVE-2011-1897)

A cross-site scripting vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server. The vulnerability is due to an error in the way the UAG server handles incoming HTTP query strings. A remote attacker could exploit this issue by enticing a user to open a URL containi...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.08397
Exploits: 0

Prion
added 2011/12/16 11:55 a.m. | 15 views

Cross site scripting

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs,...

CVSS: 5 | AI score: 6.6 | EPSS: 0.0116
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2011/12/16 11:0 a.m. | 40 views

CVE-2011-4751

CVE-2011-4751 affects SmarterTools SmarterStats 6.2.4100. The issue arises when responses to GET requests with query strings for frmGettingStarted.aspx generate pages containing external links, enabling cross-domain Referer leakage. This can let remote attackers read web-server access logs or web...

CVSS: 5 | AI score: 6.3 | EPSS: 0.0116
Exploits: 0 | References: 2 | Affected Software: 1

Oracle linux
added 2011/12/14 12:0 a.m. | 46 views

ruby security, bug fix, and enhancement update

1.8.7.352-3 - mkconfig.rb: fix for continued lines. ruby-1.8.7-p352-mkconfig.rb-fix-for-continued-lines.patch - Resolves: rhbz730287 1.8.7.352-2 - Fix of ruby interpreter crash in FIPS mode. ruby-1.8.7-FIPS.patch - Resolves: rhbz717709 1.8.7.352-1 - Update to Ruby 1.8.7-p352. Remove Patch43:...

CVSS: 6.8 | AI score: 1 | EPSS: 0.03025
Exploits: 2

Debian CVE
added 2011/12/05 11:0 a.m. | 25 views

CVE-2011-4675

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading tilde characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolu...

CVSS: 6.4 | AI score: 4.8 | EPSS: 0.03367
Exploits: 0

Tenable Nessus
added 2011/11/18 12:0 a.m. | 104 views

PHP ip2long Function String Validation Weakness

According to its banner, the 'ip2long' function in the version of PHP installed on the remote host may incorrectly validate an arbitrary string and return a valid network IP address.

CVSS: 5 | AI score: 7.4 | EPSS: 0.01652
Exploits: 1 | References: 3

Japan Vulnerability Notes
added 2011/11/08 9:31 a.m. | 1 views

ChaSen vulnerable to buffer overflow

Overview ChaSen provided by Nara Institute of Science and Technology contains a buffer overflow vulnerability. ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.04206
Exploits: 0 | References: 7

Tenable Nessus
added 2011/11/04 12:0 a.m. | 49 views

RHEL 6 : perl (RHSA-2011:1424)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1424 advisory. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflo...

CVSS: 7.5 | AI score: 9 | EPSS: 0.13526
Exploits: 2 | References: 8