4 matches found
CVE-2008-2852
CGIWrap before 4.1 is affected by CVE-2008-2852, an XSS due to error messages not specifying a charset. When using Internet Explorer-based browsers, attackers could inject arbitrary HTML/JS via error responses. The OpenVAS/Nessus/VM sources confirm the IE-specific vector and the CGIWrap XSS descr...
CVE-2005-3254
The CVE-2005-3254 issue affects CGIwrap prior to 3.9 on Debian GNU/Linux, where the minimum UID checked for seteuid operations is incorrectly set to 100 instead of 1000. This mismatch can allow an attacker to execute code as other system UIDs greater than the minimum value, as described in multip...
CVE-2001-0987
CVE-2001-0987 is a Cross-site Scripting vulnerability in CGIWrap before version 3.7. It allows remote attackers to inject arbitrary Javascript into error messages generated by CGIWrap, enabling execution on other web clients. The entry includes a high severity rating (CVSS v2 base score 7.5) and ...
CVE-2006-0767
CVE-2006-0767 affects CGIWrap prior to 3.10. The vulnerability allows remote attackers to obtain sensitive information due to errors in scripts that reveal system information. Affected: CGIWrap