Lucene search
+L

250 matches found

osv
osv
added 2005/07/06 4:0 a.m.13 views

CVE-2005-2149

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the nohttpheaders switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks...

7.3AI score
Exploits0References9
gentoo
gentoo
added 2005/02/13 12:0 a.m.27 views

ht://Dig: Cross-site scripting vulnerability

Background ht://Dig is an HTTP/HTML indexing and searching system. Description Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks...

6.8CVSS5.9AI score0.02273EPSS
Exploits0
nvd
nvd
added 2004/10/20 4:0 a.m.16 views

CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...

2.1CVSS5.9AI score0.00364EPSS
Exploits0References6
nessus
nessus
added 2004/08/30 12:0 a.m.22 views

GLSA-200408-02 : Courier: XSS vulnerability in SqWebMail

The remote host is affected by the vulnerability described in GLSA-200408-02 Courier: XSS vulnerability in SqWebMail Luca Legato found that SqWebMail is vulnerable to a cross-site scripting XSS attack. An XSS attack allows an attacker to insert malicious code into a web-based application. SqWebMa...

6.8CVSS5.4AI score0.04973EPSS
Exploits1References2
gentoo
gentoo
added 2004/08/04 12:0 a.m.34 views

Courier: Cross-site scripting vulnerability in SqWebMail

Background Courier is an integrated mail and groupware server based on open protocols. It provides ESMTP, IMAP, POP3, webmail, and mailing list services within a single framework. The webmail functionality included in Courier called SqWebMail allows you to access mailboxes from a web browser...

6.8CVSS5.4AI score0.04973EPSS
Exploits1
securityvulns
securityvulns
added 2003/04/08 12:0 a.m.47 views

Vignette Story Server sensitive information disclosure (a040703-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Vignette Story Server sensitive information disclosure Release Date: 04/07/2003 Application: Vignette Story Server v4.1, 6 Platform: Windows / Unix Severity: A remote user can extract sessi...

5CVSS0.2AI score0.01548EPSS
Exploits1
cvelist
cvelist
added 2001/09/18 4:0 a.m.26 views

CVE-2001-0402

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port...

6.5AI score0.02445EPSS
Exploits0References3
cve
cve
added 2001/09/18 4:0 a.m.51 views

CVE-2001-0402

CVE-2001-0402 affects IPFilter 3.4.16 and earlier. The issue is that the module does not include sufficient session information in its cache, enabling a remote attacker to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrest...

7.5CVSS6.9AI score0.02445EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2000/10/13 4:0 a.m.29 views

CVE-2000-0539

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet...

6.4AI score0.01616EPSS
Exploits0References4
httpd
httpd
added 2000/02/25 12:0 a.m.61 views

Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information

Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...

4.3CVSS0.6AI score0.23456EPSS
Exploits0Affected Software1
Rows per page
Query Builder