Lucene search
K

206 matches found

Cvelist
Cvelist
added 2008/10/03 5:18 p.m.32 views

CVE-2008-4360

moduserdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...

6.3AI score0.04345EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2008/10/03 12:0 a.m.50 views

lighttpd < 1.4.20 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the connectionstatemachine function that is triggered when disconnecting before a download has...

7.5CVSS7.2AI score0.04345EPSS
Exploits3References9
Prion
Prion
added 2008/06/06 10:32 p.m.19 views

Design/Logic Flaw

Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension that uses a different...

9.3CVSS8AI score0.04235EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/06/06 12:0 a.m.26 views

Skype file: URI Handling Security Bypass Arbitrary Code Execution (uncredentialed check)

The version of Skype installed on the remote host reportedly uses improper logic in its 'file:' URI handler when validating URLs by failing to check for certain dangerous file extensions and checking for others in a case-sensitive manner. If an attacker can trick a user on the affected host into...

9.3CVSS6AI score0.04235EPSS
Exploits1References5
NVD
NVD
added 2007/11/15 1:46 a.m.28 views

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...

10CVSS5.9AI score0.02105EPSS
Exploits1References8
Prion
Prion
added 2007/11/15 1:46 a.m.28 views

Design/Logic Flaw

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...

10CVSS6.1AI score0.02105EPSS
Exploits1References8Affected Software2
Cvelist
Cvelist
added 2007/11/15 1:0 a.m.30 views

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...

6.9AI score0.02105EPSS
Exploits1References8
Atlassian
Atlassian
added 2007/10/22 6:2 a.m.21 views

Username upper case are not being restricted in some pages

Username must be created in lowercase in JIRA. At the moment, JIRA allows the username with the lowercase or uppercase letter in Login and Add Watcher pages. It should restrict the case-sensitive when the username is request from the login page or convert it to lower case. JIRA should have this...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/22 6:2 a.m.21 views

Username upper case are not being restricted in some pages

Username must be created in lowercase in JIRA. At the moment, JIRA allows the username with the lowercase or uppercase letter in Login and Add Watcher pages. It should restrict the case-sensitive when the username is request from the login page or convert it to lower case. JIRA should have this...

3.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2007/10/22 6:2 a.m.20 views

Username upper case are not being restricted in some pages

Username must be created in lowercase in JIRA. At the moment, JIRA allows the username with the lowercase or uppercase letter in Login and Add Watcher pages. It should restrict the case-sensitive when the username is request from the login page or convert it to lower case. JIRA should have this...

3.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/04/03 6:58 p.m.4 views

mysql-server create database privilege escalation

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions...

3.6CVSS7.3AI score0.02729EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/02/19 7:41 p.m.8 views

mysql-server create database privilege escalation

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions...

3.6CVSS7.5AI score0.02729EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/10/30 12:0 a.m.54 views

FreeBSD : mysql -- database 'case-sensitive' privilege escalation (a0e92718-6603-11db-ab90-000e35fd8194)

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permission...

3.6CVSS8.1AI score0.02729EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2006/08/18 8:4 p.m.30 views

CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions...

3.6CVSS7.2AI score0.02729EPSS
Exploits1References1
securityvulns
securityvulns
added 2006/08/17 12:0 a.m.38 views

[SA21506] MySQL Create Database Bypass and Privilege Escalation

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

2AI score
Exploits0
NVD
NVD
added 2006/08/14 8:4 p.m.19 views

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...

4.3CVSS6.8AI score0.37365EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2006/08/14 8:0 p.m.42 views

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...

4.3CVSS6.5AI score0.37365EPSS
Exploits1
FreeBSD
FreeBSD
added 2006/08/09 12:0 a.m.27 views

mysql -- database "case-sensitive" privilege escalation

Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permission...

3.6CVSS6.5AI score0.02729EPSS
Exploits1References1
Cvelist
Cvelist
added 2005/12/23 1:0 a.m.23 views

CVE-2005-4514

The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and...

6.5AI score0.01559EPSS
Exploits0References6
CVE
CVE
added 2005/12/23 1:0 a.m.48 views

CVE-2005-4514

CVE-2005-4514 concerns the Webwasher CSM Appliance Suite 5.x, where the encapsulation script mechanism uses case-sensitive detection of malicious tokens. This allows bypassing script detection by presenting tokens in mixed case (upper/lower). The vendor notes the issue could not be reproduced as ...

5CVSS7AI score0.01559EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder