TorrentTrader Classic Multiple Remote vulnerabilities
Hello,
TorrentTrader Classic Multiple Remote vulnerabilities
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [EMAIL PROTECTED]
Tested on TorrentTrader Classic v1.07

local file inclusion
backend/admin-functions.php?ss_uri=dd

Xss
pjirc/css.php?color=alert(document.cookie);
browse.php?cat=alert(document.cookie);

#WwW.SoQoR.NeT
new vuln in snewscms.net.ru in lang file
New Advisory: Snewscms Rus
http://www.medconsultation.ru

Summary
Software: SnewsCMS Rus v. 2.1
Software's Web Site: http://www.snewscms.net.ru
Versions: 2.1
Critical Level: Moderate
Type: XSS
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://medconsultation.ru

--Description--
1. XSS.
Vulnerable script: news_page.php
Parameter 'page_id' is not properly sanitized before being used in HTML tags.
http://target.com/news_page.php?page_id=";>XSS

--PoC/Exploit--
Waiting for developer(s) reply.

--Solution--
No Patch available.

--Credit--
Discovered by: http://www.medconsultation.ru
[ GLSA 200710-05 ] QGit: Insecure temporary file creation
Gentoo Linux Security Advisory GLSA 200710-05
http://security.gentoo.org/

Severity: Normal
Title: QGit: Insecure temporary file creation
Date: October 07, 2007
Bugs: #190697
ID: 200710-05

Synopsis
========

A vulnerability has been discovered in QGit allowing local users to overwrite arbitrary files and execute arbitrary code with another user's rights.

Background
==========

QGit is a graphical interface to git repositories that allows you to browse revisions history, view patch content and changed files.

Affected packages
=================

     Package          /  Vulnerable  /  Unaffected
  1  dev-util/qgit       < 1.5.7        >= 1.5.7

Description
===========

Raphael Marichez discovered that the DataLoader::doStart() method creates temporary files in an insecure manner and executes them.

Impact
======

A local attacker could perform a symlink attack, possibly overwriting files or executing arbitrary code with the rights of the user running QGit.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All QGit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/qgit-1.5.7"

References
==========

[ 1 ] CVE-2007-4631
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4631

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200710-03 ] libvorbis: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200710-03
http://security.gentoo.org/

Severity: Normal
Title: libvorbis: Multiple vulnerabilities
Date: October 07, 2007
Bugs: #186716
ID: 200710-03

Synopsis
========

A buffer overflow vulnerability and several memory corruptions have been discovered in libvorbis.

Background
==========

libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files.

Affected packages
=================

     Package                /  Vulnerable  /  Unaffected
  1  media-libs/libvorbis      < 1.2.0        >= 1.2.0

Description
===========

David Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c (CVE-2007-3106 and CVE-2007-4029). libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact (CVE-2007-4065 and CVE-2007-4066).

Impact
======

A remote attacker could exploit these vulnerabilities by enticing a user to open a specially crafted Ogg Vorbis file or network stream with an application using libvorbis. This might lead to the execution of arbitrary code with privileges of the user playing the file or a Denial of Service by a crash or CPU consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libvorbis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.2.0"

References
==========

[ 1 ] CVE-2007-3106
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3106
[ 2 ] CVE-2007-4029
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4029
[ 3 ] CVE-2007-4065
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4065
[ 4 ] CVE-2007-4066
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4066

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200710-06 ] OpenSSL: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200710-06
http://security.gentoo.org/

Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 07, 2007
Bugs: #188799, #194039
ID: 200710-06

Synopsis
========

A buffer underflow vulnerability and an information disclosure vulnerability have been discovered in OpenSSL.

Background
==========

OpenSSL is an implementation of the Secure Socket Layer and Transport Layer Security protocols.

Affected packages
=================

     Package           /  Vulnerable   /  Unaffected
  1  dev-libs/openssl     < 0.9.8e-r3     >= 0.9.8e-r3

Description
===========

Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication.

Impact
======

A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8e-r3"

References
==========

[ 1 ] CVE-2006-3738
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[ 2 ] CVE-2007-3108
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
[ 3 ] CVE-2007-5135
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200710-07 ] Tk: Buffer overflow
Gentoo Linux Security Advisory GLSA 200710-07
http://security.gentoo.org/

Severity: Normal
Title: Tk: Buffer overflow
Date: October 07, 2007
Bugs: #192539
ID: 200710-07

Synopsis
========

A buffer overflow vulnerability has been discovered in Tk.

Background
==========

Tk is a toolkit for creating graphical user interfaces.

Affected packages
=================

     Package      /  Vulnerable   /  Unaffected
  1  dev-lang/tk     < 8.4.15-r1     >= 8.4.15-r1

Description
===========

Reinhard Max discovered a boundary error in Tk when processing an interlaced GIF with two frames where the second is smaller than the first one.

Impact
======

A remote attacker could entice a user to open a specially crafted GIF image with a Tk-based software, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Tk users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.15-r1"

References
==========

[ 1 ] CVE-2007-4851
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4851

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[ GLSA 200710-04 ] libsndfile: Buffer overflow
Gentoo Linux Security Advisory GLSA 200710-04
http://security.gentoo.org/

Severity: Normal
Title: libsndfile: Buffer overflow
Date: October 07, 2007
Bugs: #192834
ID: 200710-04

Synopsis
========

A buffer overflow vulnerability has been discovered in libsndfile.

Background
==========

libsndfile is a library for reading and writing various formats of audio files including WAV and FLAC.

Affected packages
=================

     Package                 /  Vulnerable   /  Unaffected
  1  media-libs/libsndfile      < 1.0.17-r1     >= 1.0.17-r1

Description
===========

Robert Buchholz of the Gentoo Security team discovered that the flac_buffer_copy() function does not correctly handle FLAC streams with variable block sizes which leads to a heap-based buffer overflow (CVE-2007-4974).

Impact
======

A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted FLAC file or network stream with an application using libsndfile. This might lead to the execution of arbitrary code with privileges of the user playing the file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libsndfile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.17-r1"

References
==========

[ 1 ] CVE-2007-4974
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4974

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200710-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow
Debian Security Advisory 1362-2
[EMAIL PROTECTED]
http://www.debian.org/security/
Steve Kemp
October 7th, 2007
http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4727

A problem was discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled.

This updated advisory correctly patches the security issue, which was not handled in DSA-1362-1.

For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch4.

We recommend that you upgrade your lighttpd package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
[ GLSA 200710-02 ] PHP: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200710-02
http://security.gentoo.org/

Severity: High
Title: PHP: Multiple vulnerabilities
Date: October 07, 2007
Bugs: #179158, #180556, #191034
ID: 200710-02

Synopsis
========

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Affected packages
=================

     Package       /  Vulnerable           /  Unaffected
  1  dev-lang/php     < 5.2.4_p20070914-r2    >= 5.2.4_p20070914-r2

Description
===========

Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows (CVE-2007-3996). Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow (CVE-2007-2872). Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow (CVE-2007-4661 and CVE-2007-4660). A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 was not fixed correctly (CVE-2007-1887).

Stefan Esser discovered an error in the zend_alter_ini_entry() function handling a memory_limit violation (CVE-2007-4659). Stefan Esser also discovered a flaw when handling interruptions with userspace error handlers that can be exploited to read arbitrary heap memory (CVE-2007-1883). Disclosure of sensitive memory can also be triggered due to insufficient boundary checks in the strspn() and strcspn() functions, an issue discovered by Mattias Bengtsson and Philip Olausson (CVE-2007-4657).

Stefan Esser reported incorrect validation in the FILTER_VALIDATE_EMAIL filter of the Filter extension allowing arbitrary email header injection (CVE-2007-1900). NOTE: This CVE was referenced, but not fixed in GLSA 200705-19.

Stanislav Malyshev found an error with unknown impact in the money_format() function when processing "%i" and "%n" tokens (CVE-2007-4658). zatanzlatan reported a buffer overflow in the php_openssl_make_REQ() function with unknown impact when providing a manipulated SSL configuration file (CVE-2007-4662). Possible memory corruption when trying to read EXIF data in exif_read_data() and exif_thumbnail() occurred with unknown impact.

Several vulnerabilities that allow bypassing of open_basedir and other restrictions were reported, including the glob() function (CVE-2007-4663), the session_save_path(), ini_set(), and error_log() functions which can allow local command execution (CVE-2007-3378), involving the readfile() function (CVE-2007-3007), via the Session extension (CVE-2007-4652), via the MySQL extension (CVE-2007-3997) and in the dl() function which allows loading extensions outside of the specified directory (CVE-2007-4825).

Multiple Denial of Service vulnerabilities were discovered, including a long "library" parameter in the dl() function (CVE-2007-4887), in several iconv and xmlrpc functions (CVE-2007-4840 and CVE-2007-4783), in the setlocale() function (CVE-2007-4784), in the glob() and fnmatch() function (CVE-2007-4782 and CVE-2007-3806), a floating point exception in the wordwrap() function (CVE-2007-3998), a stack exhaustion via deeply nested arrays (CVE-2007-4670), an infinite loop caused by a specially crafted PNG image in the png_read_info() function of libpng (CVE-2007-2756) and several issues related to array conversion.

Impact
======

Remote attackers might be able to exploit these issues in PHP applications making use of the affected functions, potentially resulting in the execution of arbitrary code, Denial of Service, execution of scripted contents in the context of the affected site, security bypass or information leak.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.4_p20070914-r2"

References
==========

[ 1 ] CVE-2007-1883
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1883
[ 2 ] CVE-2007-1887
      http://cve.mitre.org/cgi-bin/cvename.cgi?name