Lucene search
+L

934 matches found

Cvelist
Cvelist
added 2007/03/10 10:0 p.m.26 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

6.5AI score0.01342EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2007/03/10 10:0 p.m.41 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS5.8AI score0.01342EPSS
Exploits0
myhack58
myhack58
added 2006/12/20 12:0 a.m.18 views

In the benefits letter news system application file upload vulnerability-vulnerability warning-the black bar safety net

Recently everyone for dvbbs file upload vulnerability excited, thinking about other inside the system can not be used on? I will for the benefit of the letter of information systems to the topic! System environment: benefits letter press system 3. 1, Windows2000+sp4. Look at this line of code: |...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2006/04/20 6:0 p.m.19 views

CVE-2006-1911

Cross-site scripting XSS vulnerability in MyBB MyBulletinBoard 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment...

5.7AI score0.0124EPSS
Exploits1References4
Prion
Prion
added 2006/02/02 11:2 a.m.19 views

Buffer overflow

The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...

5CVSS7.1AI score0.10765EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2006/02/02 11:2 a.m.3 views

DEBIAN-CVE-2006-0528

The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...

5CVSS7.1AI score0.10765EPSS
Exploits1References1
Saint
Saint
added 2005/11/25 12:0 a.m.31 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.7AI score0.31007EPSS
Exploits4
Saint
Saint
added 2005/11/25 12:0 a.m.56 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.8AI score0.31007EPSS
Exploits4
Saint
Saint
added 2005/11/25 12:0 a.m.24 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.7AI score0.31007EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2005/08/01 12:0 a.m.16 views

FreeBSD : opera -- download dialog spoofing vulnerability (a2aa24fd-00d4-11da-bc08-0001020eed82)

A Secunia Advisory reports : Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be...

5.4AI score
Exploits0References2
FreeBSD
FreeBSD
added 2005/07/28 12:0 a.m.20 views

opera -- download dialog spoofing vulnerability

A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be...

2.7AI score
Exploits0References2
exploitpack
exploitpack
added 2005/07/06 12:0 a.m.13 views

IBM Lotus Domino Notes 6.06.5 - Mail Template Automatic Script Execution

IBM Lotus Domino Notes 6.06.5 - Mail Template Automatic Script Execution source: https://www.securityfocus.com/bid/14164/info IBM Lotus Notes email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed...

7.5AI score
Exploits0
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.27 views

CVE-2002-1777

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus NAV 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is use...

6.6AI score0.02574EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2005/05/02 4:0 a.m.28 views

CVE-2005-0586

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...

2.6CVSS5.9AI score0.00985EPSS
Exploits0References2
NVD
NVD
added 2005/05/02 4:0 a.m.22 views

CVE-2005-0586

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...

2.6CVSS6.3AI score0.00985EPSS
Exploits0References8
CVE
CVE
added 2005/04/13 4:0 a.m.51 views

CVE-2005-1105

The CVE-2005-1105 entry concerns JavaMail 1.3.2, where a directory-traversal flaw in MimeBodyPart.getFileName allows remote attackers to write arbitrary files by supplying a .. (dot dot) sequence in the Content-Disposition header. This identifies a vulnerability in the file-name handling path, en...

5CVSS6.8AI score0.05834EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2005/04/13 4:0 a.m.32 views

CVE-2005-1105

Removed by vendor...

5CVSS7AI score0.05834EPSS
Exploits0
securityvulns
securityvulns
added 2005/04/13 12:0 a.m.33 views

JavaMail allows directory traversal in attachments

INTRODUCTION The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. 2. SYNOPSIS...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2005/04/13 12:0 a.m.23 views

JavaMail directory traversal

Content-Disposition header filename is not checked...

2.3AI score
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2005/03/01 7:1 p.m.6 views

security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...

2.6CVSS5.8AI score0.00985EPSS
Exploits0References4
Rows per page
Query Builder