Lucene search
K

926 matches found

CVE
CVE
added 2007/06/12 9:0 p.m.67 views

CVE-2007-2227

CVE-2007-2227 describes information disclosure in the MHTML protocol handler used by Outlook Express 6 and Windows Mail, which processes MHTML contents via Internet Explorer and ignores the Content-Disposition header. The vulnerability enables an attacker to obtain sensitive data from other IE do...

4.3CVSS5.7AI score0.2504EPSS
Exploits1References13Affected Software1
securityvulns
securityvulns
added 2007/04/30 12:0 a.m.43 views

USP FOSS Distribution 1.01(download.php dnld)Remote File Disclosure

USP FOSS Distribution 1.01download.php dnldRemote File Disclosure D.Script: http://norcalvex.org/pagode/uspfossv101.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Dork:intitle:USP FOSS Distribution V.Code In /user/download.php: /user/download.php ? $file = @$GET'dnld';----+...

0.3AI score
Exploits0
0day.today
0day.today
added 2007/04/06 12:0 a.m.19 views

cattaDoc 2.21 (download2.php fn1) Remote File Disclosure Vulnerability

Exploit for unknown platform in category web applications ====================================================================== cattaDoc 2.21 download2.php fn1 Remote File Disclosure Vulnerability ====================================================================== cattaDoc 2.21download2.php...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/03/12 12:0 a.m.27 views

Trac content displaying vulnerability

Content-Disposition MIME header is not defined. Crossite scripting...

10CVSS0.7AI score0.01342EPSS
Exploits0Affected Software1
Prion
Prion
added 2007/03/10 10:19 p.m.16 views

Design/Logic Flaw

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS6.9AI score0.01342EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2007/03/10 10:19 p.m.8 views

PYSEC-2007-3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS7AI score0.01342EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2007/03/10 10:19 p.m.18 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS6.5AI score0.01342EPSS
Exploits0References1
OSV
OSV
added 2007/03/10 10:19 p.m.3 views

DEBIAN-CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS7AI score0.01342EPSS
Exploits0References1
OSV
OSV
added 2007/03/10 10:19 p.m.20 views

PYSEC-2007-3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS5.8AI score0.01342EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2007/03/10 10:19 p.m.17 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS5.9AI score0.01342EPSS
Exploits0References1
OSV
OSV
added 2007/03/10 10:19 p.m.6 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2007/03/10 10:0 p.m.26 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

6.5AI score0.01342EPSS
Exploits0References1
CVE
CVE
added 2007/03/10 10:0 p.m.53 views

CVE-2007-1406

CVE-2007-1406 affects Trac before 0.10.3.1. The issue is that Trac did not send a Content-Disposition HTTP header specifying an attachment in certain “unsafe” situations, with the impact and remote attack vectors described as unknown in the sources. The connected records confirm Trac’s version ga...

10CVSS6.5AI score0.01342EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2007/03/10 10:0 p.m.41 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS5.8AI score0.01342EPSS
Exploits0
myhack58
myhack58
added 2006/12/20 12:0 a.m.18 views

In the benefits letter news system application file upload vulnerability-vulnerability warning-the black bar safety net

Recently everyone for dvbbs file upload vulnerability excited, thinking about other inside the system can not be used on? I will for the benefit of the letter of information systems to the topic! System environment: benefits letter press system 3. 1, Windows2000+sp4. Look at this line of code: |...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2006/04/20 6:0 p.m.18 views

CVE-2006-1911

Cross-site scripting XSS vulnerability in MyBB MyBulletinBoard 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment...

5.7AI score0.0124EPSS
Exploits1References4
Prion
Prion
added 2006/02/02 11:2 a.m.19 views

Buffer overflow

The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...

5CVSS7.1AI score0.10765EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2006/02/02 11:2 a.m.3 views

DEBIAN-CVE-2006-0528

The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...

5CVSS7.1AI score0.10765EPSS
Exploits1References1
Saint
Saint
added 2005/11/25 12:0 a.m.31 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.7AI score0.31007EPSS
Exploits4
Saint
Saint
added 2005/11/25 12:0 a.m.41 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005 CVE: CVE-2001-0727 BID: 3578 OSVDB: 3033 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Using a null byte %00 in the filename field found in the Content-disposition header, a remote web server may be able to...

7.5CVSS7.8AI score0.31007EPSS
Exploits4
Rows per page
Query Builder