
3931 matches found

NVD
added 2004/01/20 5:0 a.m., 20 views

CVE-2003-1028

The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid1000...

CVSS: 5, AI score: 6.7, EPSS: 0.19052
Exploits: 0, References: 6
CVE
added 2004/01/08 5:0 a.m., 62 views

CVE-2003-1028

CVE-2003-1028 : The vulnerability lies in the download function of Internet Explorer 6 SP1, where an HTTP response with an invalid Content-Type and a .htm file can disclose the cache directory name. This information disclosure could allow remote attackers to bypass security measures that rely on ...

CVSS: 5, AI score: 7.1, EPSS: 0.19052
Exploits: 0, References: 6, Affected Software: 2
NVD
added 2003/12/31 5:0 a.m., 16 views

CVE-2003-1338

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header...

CVSS: 4.3, AI score: 7, EPSS: 0.00891
Exploits: 1, References: 1
NVD
added 2003/05/12 4:0 a.m., 21 views

CVE-2003-0113

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields...

CVSS: 7.5, AI score: 7.9, EPSS: 0.39367
Exploits: 0, References: 5
Cvelist
added 2003/04/26 4:0 a.m., 25 views

CVE-2003-0113

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields...

AI score: 8, EPSS: 0.39367
Exploits: 0, References: 5
FreeBSD
added 2003/04/08 12:0 a.m., 19 views

seti@home remotely exploitable buffer overflow

The seti@home client contains a buffer overflow in the HTTP response handler. A malicious, spoofed seti@home server can exploit this buffer overflow to cause remote code execution on the client. Exploit programs are widely available...

AI score: 1.7
Exploits: 0, References: 2
Tenable Nessus
added 2003/03/23 12:0 a.m., 84 views

DCP-Portal Multiple Script XSS

The version of DCP-Portal installed on the remote host fails to sanitize input to the script 'calendar.php' before using it to generate dynamic HTML, that could let an attacker execute arbitrary code in the browser of a legitimate user. It may also be affected by HTML injection flaws, which could...

CVSS: 4.3, AI score: 5.7, EPSS: 0.05324
Exploits: 3, References: 4
securityvulns
added 2002/08/26 12:0 a.m., 42 views

More OmniHTTPd Problems

I've discovered another vulnerability in one of the OmniHTTPd sample apps. This time, the culprit is "/cgi-bin/redir.exe". This app is vulnerable to a newline injection issue. The vulnerability occurs because the "URL" query parameter case sensitive is decoded and placed directly into the respons...

Exploits: 0
securityvulns
added 2001/12/01 12:0 a.m., 72 views

Other Web Servers vulnerable to %3f.jsp directory listing

I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the 3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server:...

AI score: 1.5
Exploits: 0
securityvulns
added 2001/10/26 12:0 a.m., 37 views

Weak authentication in iBill's Password Management CGI

Vulnerable Program: ibillpm.pl Perl CGI script Distributed by: iBill Internet Billing Company, http://www.ibill.com Problem: iBill hard codes a weak password for the user management script, ibillpm.pl, installed for clients that use the Password Management system. The weak password is the client'...

Exploits: 0
securityvulns
added 2001/09/22 12:0 a.m., 45 views

Real path to files in XCache (information leakage)

The HTTP response headers contain the real path to the file...

AI score: 0.5
Exploits: 0, References: 1, Affected Software: 1