Lucene search
9304 matches found

Symantec
added 2007/08/14 12:0 a.m., 16 views

Microsoft XML Core Services SubstringData Integer Overflow Vulnerability

Description: Microsoft XML Core Services is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun. Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue...

7.8 AI score
Exploits: 0, References: 1, Affected Software: 16
UbuntuCve
added 2007/07/04 3:30 p.m., 27 views

CVE-2007-3555

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424...

4.3 CVSS, 6.1 AI score, 0.02951 EPSS
Exploits: 0, References: 1
Prion
added 2007/07/04 3:30 p.m., 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424...

4.3 CVSS, 5.8 AI score, 0.02951 EPSS
Exploits: 1, References: 12, Affected Software: 1
UbuntuCve
added 2007/07/02 7:30 p.m., 16 views

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

6.4 CVSS, 6.1 AI score, 0.02386 EPSS
Exploits: 0, References: 1
Prion
added 2007/07/02 7:30 p.m., 10 views

Directory traversal

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

6.4 CVSS, 6.9 AI score, 0.02386 EPSS
Exploits: 0, References: 11, Affected Software: 1
Cvelist
added 2007/07/02 7:0 p.m., 14 views

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

6.5 AI score, 0.02386 EPSS
Exploits: 0, References: 11
RedHat Linux
added 2007/06/20 2:49 p.m., 4 views

mod_perl PerlRun denial of service

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...

5 CVSS, 7.4 AI score, 0.10111 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2007/06/14 12:0 a.m., 38 views

CentOS 3 : gdb (CESA-2007:0469)

An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a...

5.1 CVSS, 6.3 AI score, 0.03227 EPSS
Exploits: 0, References: 4
NVD
added 2007/05/18 10:30 p.m., 20 views

CVE-2007-2765

blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...

6.8 CVSS, 6.7 AI score, 0.01531 EPSS
Exploits: 0, References: 6
Prion
added 2007/05/18 10:30 p.m., 24 views

Design/Logic Flaw

blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...

6.8 CVSS, 7 AI score, 0.01813 EPSS
Exploits: 1, References: 6, Affected Software: 1
CVE
added 2007/05/18 10:0 p.m., 54 views

CVE-2007-2765

CVE-2007-2765 concerns BlockHosts prior to 2.0.3, where improper parsing of daemon logs lets remote attackers add arbitrary entries to /etc/hosts.allow, enabling a denial of service by injecting IPs into a log file. Related entries (e.g., CVE-2007-4322/4323) describe a similar issue affecting Blo...

6.8 CVSS, 6.9 AI score, 0.01531 EPSS
Exploits: 0, References: 6, Affected Software: 1
Prion
added 2007/05/09 5:19 p.m., 12 views

Cross site scripting

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS)...

4.3 CVSS, 6.5 AI score, 0.00989 EPSS
Exploits: 0, References: 4
Cent OS
added 2007/05/02 8:48 a.m., 83 views

gdb security update

CentOS Errata and Security Advisory CESA-2007:0229 An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C...

5.1 CVSS, 6.1 AI score, 0.03227 EPSS
Exploits: 0, References: 8
RedHat Linux
added 2007/05/01 2:17 p.m., 37 views

Low: Red Hat Security Advisory: gdb security and bug fix update

An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a...

5.1 CVSS, 6.1 AI score, 0.03227 EPSS
Exploits: 0, References: 7
UbuntuCve
added 2007/04/22 7:19 p.m., 30 views

CVE-2007-2162

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

7.8 CVSS, 5.9 AI score, 0.0138 EPSS
Exploits: 0, References: 1
Prion
added 2007/04/22 7:19 p.m., 15 views

Design/Logic Flaw

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

4.3 CVSS, 7.1 AI score, 0.12278 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2007/04/22 7:19 p.m., 13 views

CVE-2007-2161

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

4.3 CVSS, 6.6 AI score, 0.12278 EPSS
Exploits: 0, References: 5
NVD
added 2007/04/22 7:19 p.m., 19 views

CVE-2007-2164

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

5 CVSS, 6.7 AI score, 0.0142 EPSS
Exploits: 0, References: 3
Prion
added 2007/04/22 7:19 p.m., 16 views

Design/Logic Flaw

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

5 CVSS, 6.9 AI score, 0.0142 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2007/04/22 7:0 p.m., 21 views

CVE-2007-2163

Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

6.2 AI score, 0.01084 EPSS
Exploits: 0, References: 2