17 matches found
EUVD-2008-6520
Malware in sbrugna...
EUVD-2008-6518
Malware in sbrugna...
Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Successful...
Command injection
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...
Command injection
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command...
CVE-2008-6557
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...
CVE-2008-6556
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command...
CVE-2008-6556
CVE-2008-6556 affects The Puppet Master WebUtil 2.3 via cgi-bin/webutil.pl . The vulnerability allows remote attackers to execute arbitrary commands by supplying shell metacharacters in the whois parameter. The root cause is improper handling of user-supplied input in the whois command, enabling ...
CVE-2008-6557
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...
CVE-2008-6555
CVE-2008-6555 affects the WebUtil component in The Puppet Master, specifically the cgi-bin/webutil.pl script. The vulnerability allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command, enabling full compromise of affected systems reachable over the networ...
CVE-2008-6555
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command...
webutil.pl is still vulnerable against Remote Command Execution.
Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...
Webutil 2.32.7 - webutil.pl Multiple Remote Command Execution Vulnerabilities
Webutil 2.32.7 - webutil.pl Multiple Remote Command Execution Vulnerabilities source: https://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately...
webutil-exec.txt
Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...
Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities
source: https://www.securityfocus.com/bid/28393/info Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected...
Flaw in about.r OS and Progress version disclosure
about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1...
CVE-2007-2266
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...