S-263: mapserver Vulnerabilities


 
04-10-2008

The risk is LOW. Could lead to cross-site scripting or stack-based buffer overrun vulnerability, allowing a remote attacker to execute arbitrary code with the privileges of the CGI or httpd user. There are two vulnerabilities in mapserver, a development environment for spatial and mapping applications:

1) lack of input sanitizing and output escaping in the CGI mapserver's template handling and error reporting routines; and
2) missing bounds checking in mapserver's template handling.


CGI::Session::Driver::sqlite(3)    User Contributed Perl Documentation    CGI::Session::Driver::sqlite(3)

NAME
    CGI::Session::Driver::sqlite - CGI::Session driver for SQLite

SYNOPSIS
    $s = new CGI::Session("driver:sqlite", $sid, {DataSource=>'/my/folder/sessions.sqlt'});
    $s = new CGI::Session("driver:sqlite", $sid, {Handle=>$dbh});

    or

    $s = new CGI::Session('driver:sqlite', undef, {
        TableName=>'session',
        IdColName=>'my_id',
        DataColName=>'my_data',
        Handle=>$dbh,
    });

DESCRIPTION
    The sqlite driver stores session data in SQLite files using the DBD::SQLite DBI driver. For more details see CGI::Session::Driver::DBI, its parent class.

DRIVER ARGUMENTS
    Supported driver arguments are DataSource and Handle. At most one of these arguments can be set when creating the session object.

    DataSource should be in the form "dbi:SQLite:dbname=/path/to/db.sqlt". If "dbi:SQLite:" is missing, it will be prepended for you. If Handle is present, it should be a database handle ($dbh) returned by DBI::connect().

    As of version 1.7 of this driver, the third argument is NOT optional. Using a default database in the temporary directory is a security risk, since anyone on the machine can create and/or read your session data. If you understand these risks and still want the old behavior, you can set the "DataSource" option to '/tmp/sessions.sqlt'.

BUGS AND LIMITATIONS
    None known.

LICENSING
    For support and licensing see CGI::Session.

perl v5.16.3    2008-07-16    CGI::Session::Driver::sqlite(3)
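
The DRIVER ARGUMENTS warning above, as an added example that is not part of the CGI::Session documentation: the session database is kept in a directory only the CGI user can reach, and the handle is passed explicitly as the third argument. The path under $HOME/myapp-sessions and the helper assert_private_path are assumptions made for illustration, and the ownership and permission check goes beyond what the man page itself requires.

```perl
#!/usr/bin/perl
# Added example: not part of the CGI::Session distribution.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Basename qw(dirname);
use DBI;
use CGI::Session;

# Assumed location: a directory owned by the CGI user, outside /tmp.
my $db_file = $ARGV[0] // "$ENV{HOME}/myapp-sessions/sessions.sqlt";

# Hypothetical helper: die unless only the current user can reach the
# directory and (if it already exists) the database file.
sub assert_private_path {
    my ($file) = @_;
    my $dir = dirname($file);
    my @d = stat($dir) or die "cannot stat $dir: $!\n";
    die "$dir is not owned by the current user\n" unless $d[4] == $>;
    die "$dir is open to group or others\n" if $d[2] & (S_IRWXG | S_IRWXO);
    if (my @f = stat($file)) {
        die "$file is open to group or others\n" if $f[2] & (S_IRWXG | S_IRWXO);
    }
    return 1;
}

umask 0077;    # anything created below gets no group/other permission bits
my $dir = dirname($db_file);
-d $dir or mkdir($dir, 0700) or die "cannot create $dir: $!\n";
assert_private_path($db_file);

# DataSource form from the man page, opened here so the handle can be passed in.
my $dsn = "dbi:SQLite:dbname=$db_file";
my $dbh = DBI->connect($dsn, '', '', { RaiseError => 1, AutoCommit => 1 });

# Default table and column names of the parent DBI driver.
$dbh->do(q{
    CREATE TABLE IF NOT EXISTS sessions (
        id        CHAR(32) NOT NULL PRIMARY KEY,
        a_session TEXT     NOT NULL
    )
});

# Third argument given explicitly, as required since driver version 1.7.
my $session = CGI::Session->new('driver:sqlite', undef, { Handle => $dbh })
    or die CGI::Session->errstr;
$session->param(user => 'alice');    # constructed sample value
$session->flush;
print 'session id: ', $session->id, "\n";
```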