Lucene search
+L

359 matches found

Prion
Prion
added 2007/09/21 7:17 p.m.18 views

Buffer overflow

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.ex...

4.3CVSS6.9AI score0.01842EPSS
Exploits0References25Affected Software1
Cvelist
Cvelist
added 2007/09/21 6:0 p.m.24 views

CVE-2007-4066

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.ex...

6.7AI score0.01842EPSS
Exploits0References25
CVE
CVE
added 2007/09/21 6:0 p.m.62 views

CVE-2007-4066

CVE-2007-4066 concerns multiple buffer overflows in libvorbis (pre-1.2.0) that can be triggered by a crafted OGG file, enabling a context-dependent attacker to cause denial of service or other unspecified impact. The vulnerability stems from an overflow in oggenc.exe related to the _psy_noiseguar...

4.3CVSS6.7AI score0.01842EPSS
Exploits0References25Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/03/13 12:0 a.m.12 views

JVN#91706484 Trac cross-site scripting vulnerability

Impact A remote attacker could possibly execute an arbitrary script on the user's IE where the user views a Trac wiki content. Solution Products Affected trac 0.10.3 and earlier versions trac-0.10.3-ja-1 and earlier versions...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2007/03/12 12:0 a.m.27 views

Trac content displaying vulnerability

Content-Disposition MIME header is not defined. Crossite scripting...

10CVSS0.7AI score0.01342EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/03/12 12:0 a.m.15 views

FreeBSD : trac -- XSS vulnerability (e546c7ce-ce46-11db-bc24-0016179b2dd5)

Secunia reports : The vulnerability is caused due to an error within the 'download wiki page as text' function, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation may require that the victim uses IE...

5.8AI score
Exploits0References2
PyPA
PyPA
added 2007/03/10 10:19 p.m.8 views

PYSEC-2007-3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS7AI score0.01342EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2007/03/10 10:19 p.m.18 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS6.5AI score0.01342EPSS
Exploits0References1
Prion
Prion
added 2007/03/10 10:19 p.m.8 views

Cross site scripting

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.9AI score0.01089EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2007/03/10 10:19 p.m.17 views

Design/Logic Flaw

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS6.9AI score0.01342EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2007/03/10 10:19 p.m.19 views

PYSEC-2007-2

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS4.3AI score0.01089EPSS
Exploits0References6
OSV
OSV
added 2007/03/10 10:19 p.m.5 views

DEBIAN-CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS7AI score0.01342EPSS
Exploits0References1
NVD
NVD
added 2007/03/10 10:19 p.m.23 views

CVE-2007-1405

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.5AI score0.01089EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2007/03/10 10:19 p.m.15 views

CVE-2007-1405

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS6.1AI score0.01089EPSS
Exploits0References1
OSV
OSV
added 2007/03/10 10:19 p.m.9 views

CVE-2007-1405

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

5.4AI score
Exploits0References5
OSV
OSV
added 2007/03/10 10:19 p.m.7 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

6.4AI score
Exploits0References1
OSV
OSV
added 2007/03/10 10:19 p.m.20 views

PYSEC-2007-3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS5.8AI score0.01342EPSS
Exploits0References2
PyPA
PyPA
added 2007/03/10 10:19 p.m.8 views

PYSEC-2007-2

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.9AI score0.01089EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2007/03/10 10:19 p.m.18 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS5.9AI score0.01342EPSS
Exploits0References1
OSV
OSV
added 2007/03/10 10:19 p.m.6 views

DEBIAN-CVE-2007-1405

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.9AI score0.01089EPSS
Exploits0References1
Rows per page
Query Builder