Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for WebFORM by CGI RESCUE

    JVNDB-2007-000086

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM vulnerable to cross-site scripting
    Details
    WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000086",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN05123538/index.html",
      "@id": "JVN#05123538",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0547",
      "@id": "CVE-2007-0547",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0547",
      "@id": "CVE-2007-0547",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/23913/",
      "@id": "SA23913",
      "@source": "SECUNIA"
    }
  ],
  "title": "CGI RESCUE WebFORM vulnerable to cross-site scripting"
}

    JVNDB-2006-000625

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM allows unauthorized email transmission
    Details
    WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.\r\n\r\nAccording to the vendor\u0027s information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000625",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN39570254/index.html",
      "@id": "JVN#39570254",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2943",
      "@id": "CVE-2006-2943",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2943",
      "@id": "CVE-2006-2943",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/20515",
      "@id": "SA20515",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/18434",
      "@id": "18434",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/2234",
      "@id": "FrSIRT/ADV-2006-2234",
      "@source": "FRSIRT"
    }
  ],
  "title": "CGI RESCUE WebFORM allows unauthorized email transmission"
}

    JVNDB-2007-000087

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM missing mail content vulnerability
    Details
    WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000087",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN24879092/index.html",
    "@id": "JVN#24879092",
    "@source": "JVN"
  },
  "title": "CGI RESCUE WebFORM missing mail content vulnerability"
}

    JVNDB-2007-000085

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CGI RESCUE WebFORM vulnerable to HTTP header injection
    Details
    WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000085",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN05088443/index.html",
    "@id": "JVN#05088443",
    "@source": "JVN"
  },
  "title": "CGI RESCUE WebFORM vulnerable to HTTP header injection"
}