Lucene search
+L

8 matches found

NVD
NVD
added 2020/02/20 5:15 p.m.27 views

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

9.8CVSS9.3AI score0.247EPSS
Exploits5References3
OSV
OSV
added 2015/08/05 1:59 a.m.2 views

DEBIAN-CVE-2015-3438

Multiple cross-site scripting XSS vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a 1 four-byte UTF-8 character or 2 invalid character that reaches the database layer, as demonstrated by a crafted...

4.3CVSS5.8AI score0.08578EPSS
Exploits1References1
Mageia
Mageia
added 2015/01/31 1:23 p.m.46 views

Updated icu packages fix security vulnerabilities

Updated icu packages fix security vulnerabilities: The Regular Expressions package in International Components for Unicode ICU 52 before SVN revision 292944 allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via vectors related to a...

7.5CVSS9.4AI score0.02217EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/01/27 6:46 p.m.5 views

ICU: uninitialized value use in the collation component

The collator implementation in i18n/ucol.cpp in International Components for Unicode ICU 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have...

7.5CVSS7.4AI score0.02068EPSS
Exploits0References5
Prion
Prion
added 2015/01/22 10:59 p.m.17 views

Information disclosure

The collator implementation in i18n/ucol.cpp in International Components for Unicode ICU 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have...

7.5CVSS7.5AI score0.02068EPSS
Exploits0References18Affected Software2
UbuntuCve
UbuntuCve
added 2014/06/25 12:0 a.m.49 views

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

9.8CVSS7AI score0.247EPSS
Exploits5References3
Prion
Prion
added 2013/08/14 11:10 a.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."...

4.3CVSS6AI score0.11469EPSS
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2003/12/23 12:0 a.m.19 views

Opera Browser 6.0 6 - URI Display Obfuscation

Opera Browser 6.0 6 - URI Display Obfuscation source: https://www.securityfocus.com/bid/9281/info A weakness has been reported in Opera that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI that is designed to access a specific location with a...

7.4AI score
Exploits0
Rows per page
Query Builder