6 matches found
EUVD-1999-1460
Malware in sbrugna...
textcounter.pl 1.2 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2265/info textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of entered...
Matt Wright textcounter.pl远程执行命令漏洞
textcounter.pl是一个由Matt Wright编写的基于Web的记数器脚本,使用比较广泛。 某些早期版本的textcounter.pl脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以httpd进程的权限在主机上执行任意系统命令。 问题在于程序脚本没有过滤用户输入中包含的一些特殊字符,远程攻击者可以向$DOCUMENTURI环境变量注入指定的值,脚本在处理的时候就会以Web守护程序的权限(root或nobody)在主机上执行攻击者指定的任意命令。 1.2 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:...
CGI vulnerability highlights-vulnerability warning-the black bar safety net
CGI vulnerability highlights For the following list of CGI vulnerabilities,simply speaking,you can directly delete the program or rewrite the program to reach the safety of the mesh The Below is not completely reprinted from the green Forumvia a Supplement A. phf vulnerability The phf vulnerabili...
MattWrighttextcounter.pl远程执行命令漏洞
textcounter.pl是一个由Matt Wright编写的基于Web的记数器脚本,使用比较广泛。 某些早期版本的textcounter.pl脚本实现上存在输入验证漏洞,远程攻击者可以利用此漏洞以httpd进程的权限在主机上执行任意系统命令。问题在于程序脚本没有过滤用户输入中包含的一些特殊字符,远程攻击者可以向$DOCUMENTURI环境变量注入指定的值,脚本在处理的时候就会以Web守护程序的权限(root或nobody)在主机上执行攻击者指定的任意命令。 Matt Wright TextCounter1.2...
Common 2 7 CGI vulnerability methods of attack-vulnerability warning-the black bar safety net
A. phf vulnerability The phf vulnerability seems to be the most classic,almost all of the articles will be introduced,you can execute Server commands,such as display the/etc/passwd: lynx http://www.victim.com/cgi-bin/phf?Q...t%20/etc/passwd But we can still find it? II. php. cgi 2. 0beta10 or...