EUVD-2007-5093

Malware in sbrugna...

EUVD-2007-4695

Malware in sbrugna...

EUVD-2007-5094

Malware in sbrugna...

Google Urchin 5.7.3 Report.CGI Authorization Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26037/info Google Urchin is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks. Urchin 5.7.03 is...

Urchin 5.7.x session.cgi Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25788/info Urchin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Google Urchin 5.7.03 LFI Vulnerability 0day

No description provided by source. Summary: Google Urchin is vulnerable to a Local File Include LFI vulnerability that allows arbitrary reading of files. Confirmed in version 5.7.03 running on Linux. Issue may exist in other versions as well. Analysis: During normal usage, Google Urchin creates...

Google Urchin 5.7.03 LFI Vulnerability 0day

Exploit for cgi platform in category web applications Summary: Google Urchin is vulnerable to a Local File Include LFI vulnerability that allows arbitrary reading of files. Confirmed in version 5.7.03 running on Linux. Issue may exist in other versions as well. Analysis: During normal usage, Goog...

Google Urchin 5.7.03 Local File Inclusion

Summary: Google Urchin is vulnerable to a Local File Include LFI vulnerability that allows arbitrary reading of files. Confirmed in version 5.7.03 running on Linux. Issue may exist in other versions as well. Windows builds seemingly affected too. Analysis: During normal usage, Google Urchin creat...

Google Urchin 5.7.03 - Local File Inclusion

Google Urchin 5.7.03 - Local File Inclusion Summary: Google Urchin is vulnerable to a Local File Include LFI vulnerability that allows arbitrary reading of files. Confirmed in version 5.7.03 running on Linux. Issue may exist in other versions as well. Analysis: During normal usage, Google Urchin...

Google Urchin 5.7.03 - Local File Inclusion

Summary: Google Urchin is vulnerable to a Local File Include LFI vulnerability that allows arbitrary reading of files. Confirmed in version 5.7.03 running on Linux. Issue may exist in other versions as well. Analysis: During normal usage, Google Urchin creates files on disk that are then embedded...

Google Urchin 5.7.03 Local File Inclusion

While fuzzing an Urchin web application, I discovered what appears to be an LFI vulnerability. Neither Secunia nor Google / Urchin appear to have reported this as a known issue. The problem lies in the gfid parameter passed to urchin.cgi. This was tested on a somewhat modified version of Urchin...

Google Urchin <= 5.7.03 report.cgi Administrative Bypass

Binary data 4242.prm...

Google Urchin 5.7.3 - &#039;Report.cgi&#039; Authentication Bypass

source: https://www.securityfocus.com/bid/26037/info Google Urchin is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks. Urchin 5.7.03 is vulnerable to this issue; other...

Google Urchin 5.7.3 - Report.cgi Authentication Bypass

Google Urchin 5.7.3 - Report.cgi Authentication Bypass source: https://www.securityfocus.com/bid/26037/info Google Urchin is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other...

Authorization bypass in Urchin

Здравствуйте 3APA3A! Сообщаю вам об ещё одной уязвимости в Urchin Web Analytics. В ваших новостях http://securityvulns.ru/news/CGI/2007.09.25.html упоминается Cross-Site Scripting уязвимость в Urchin. Относительно данной уязвимости замечу, что как я уже написал автору в комментариях к его сообщен...

Cross site scripting

Cross-site scripting XSS vulnerability in session.cgi aka the login page in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credential...

CVE-2007-5113

report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information web server logs via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-511...

Authentication flaw

report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information web server logs via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-511...

CVE-2007-5112

Cross-site scripting XSS vulnerability in session.cgi aka the login page in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credential...

CVE-2007-5113

CVE-2007-5113 affects Google Urchin 5 (&lt;= 5.7.03) where report.cgi allows remote attackers to bypass authentication and access sensitive information (web server logs) by modifying query parameters such as profile, rid, prefs, n, vid, bd, ed, dt, and gtype. The vulnerability is related to an au...