EUVD-2008-6520

Malware in sbrugna...

EUVD-2008-6518

Malware in sbrugna...

Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Successful...

CVE-2008-6556

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command...

CVE-2008-6557

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...

Command injection

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...

Command injection

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command...

CVE-2008-6555

cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command...

CVE-2008-6556

CVE-2008-6556 affects The Puppet Master WebUtil 2.3 via cgi-bin/webutil.pl . The vulnerability allows remote attackers to execute arbitrary commands by supplying shell metacharacters in the whois parameter. The root cause is improper handling of user-supplied input in the whois command, enabling ...

CVE-2008-6557

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...

CVE-2008-6555

CVE-2008-6555 affects the WebUtil component in The Puppet Master, specifically the cgi-bin/webutil.pl script. The vulnerability allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command, enabling full compromise of affected systems reachable over the networ...

webutil.pl is still vulnerable against Remote Command Execution.

Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...

Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities

source: https://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected...

Webutil 2.32.7 - webutil.pl Multiple Remote Command Execution Vulnerabilities

Webutil 2.32.7 - webutil.pl Multiple Remote Command Execution Vulnerabilities source: https://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately...

webutil-exec.txt

Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...

Flaw in about.r OS and Progress version disclosure

about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1...

CVE-2007-2266

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...