Search criteria

4 vulnerabilities found for WebFORM by CGI RESCUE

JVNDB-2006-000625

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Severity ?
N/A (UNKNOWN) - -
Summary
CGI RESCUE WebFORM allows unauthorized email transmission
Details
WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses. According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM from CGI RESCUE is software which delivers the HTML form inputs via email. WebFORM fails to check the mail headers properly, allowing a remote attacker to send email to arbitrary addresses.\r\n\r\nAccording to the vendor\u0027s information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000625.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000625",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN39570254/index.html",
      "@id": "JVN#39570254",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2943",
      "@id": "CVE-2006-2943",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2943",
      "@id": "CVE-2006-2943",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/20515",
      "@id": "SA20515",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/18434",
      "@id": "18434",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/2234",
      "@id": "FrSIRT/ADV-2006-2234",
      "@source": "FRSIRT"
    }
  ],
  "title": "CGI RESCUE WebFORM allows unauthorized email transmission"
}

JVNDB-2007-000085

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Severity ?
N/A (UNKNOWN) - -
Summary
CGI RESCUE WebFORM vulnerable to HTTP header injection
Details
WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000085.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000085",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN05088443/index.html",
    "@id": "JVN#05088443",
    "@source": "JVN"
  },
  "title": "CGI RESCUE WebFORM vulnerable to HTTP header injection"
}

JVNDB-2007-000087

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Severity ?
N/A (UNKNOWN) - -
Summary
CGI RESCUE WebFORM missing mail content vulnerability
Details
WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000087.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000087",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVN24879092/index.html",
    "@id": "JVN#24879092",
    "@source": "JVN"
  },
  "title": "CGI RESCUE WebFORM missing mail content vulnerability"
}

JVNDB-2007-000086

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Severity ?
N/A (UNKNOWN) - -
Summary
CGI RESCUE WebFORM vulnerable to cross-site scripting
Details
WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000086.html",
  "sec:cpe": {
    "#text": "cpe:/a:cgi_rescue:webform",
    "@product": "WebFORM",
    "@vendor": "CGI RESCUE",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000086",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN05123538/index.html",
      "@id": "JVN#05123538",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0547",
      "@id": "CVE-2007-0547",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0547",
      "@id": "CVE-2007-0547",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/23913/",
      "@id": "SA23913",
      "@source": "SECUNIA"
    }
  ],
  "title": "CGI RESCUE WebFORM vulnerable to cross-site scripting"
}