Lucene search
+L

944 matches found

CVE
CVE
added 2005/12/01 2:2 a.m.49 views

CVE-2005-3704

CVE-2005-3704 describes a vulnerability in Mac OS X and OS X Server versions 10.4 through 10.4.3 where a remote attacker can spoof syslog messages by injecting control characters (e.g., newline) into log files. The description specifies this affects the system log server and enables manipulation ...

5CVSS6.7AI score0.01506EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2005/12/01 2:2 a.m.31 views

CVE-2005-3704

System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline NL...

6.6AI score0.01506EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2005/09/27 4:10 p.m.6 views

security flaw

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...

5CVSS6.1AI score0.11919EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/06/21 12:0 a.m.32 views

Enterasys Vertical Horizon switches backdoor accounts

There is undocumented backdoor account tiger/tiger123, in addition some privileged control character combination are available to unprivileged user from console or telnet session...

3AI score
Exploits0References1
OSV
OSV
added 2005/04/27 4:0 a.m.3 views

DEBIAN-CVE-2004-1488

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...

5CVSS7.6AI score0.11919EPSS
Exploits1References1
CVE
CVE
added 2004/09/01 4:0 a.m.66 views

CVE-2002-0986

CVE-2002-0986 corresponds to a PHP 4.x vulnerability where mail() did not filter ASCII control characters from arguments, allowing remote attackers to modify mail content including headers and potentially use the server as a spam proxy. The OpenVAS entries confirm the issue arises on PHP

5CVSS6.4AI score0.03039EPSS
Exploits0References17Affected Software1
CVE
CVE
added 2004/05/20 4:0 a.m.49 views

CVE-2004-0478

The CVE-2004-0478 entry describes a DoS flaw in Mozilla where JavaScript can trigger an infinite loop that appends input to a form (potentially via control characters such as an embedded ctrl-U), causing high CPU/RAM usage. Affected versions are not precisely specified; the impact is denial of se...

2.6CVSS7.2AI score0.01189EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2003/12/11 12:0 a.m.34 views

Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Westpoint Security Advisory Title: VisitorBook LE Mail Relay and Cross Site Scripting Risk Rating: Moderate Software: FreeScripts VisitorBook LE Platforms: Most Unix Vendor URL: http://www.freescripts.com/ Author: Paul Johnston [email protected] Date: 10th December 2003 Advisory ID: wp-03-000...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2003/06/18 10:49 a.m.9 views

Low: Red Hat Security Advisory: apache security update for Stronghold

Updated Apache packages are available which fix a security issue by preventing control characters from being written to the error log. The updated packages also include a minor bug fix for modproxy. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. T...

5CVSS5.9AI score0.17413EPSS
Exploits8References2
RedHat Linux
RedHat Linux
added 2003/02/06 12:0 a.m.36 views

(RHSA-2002:214) php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. The mail function in PHP 4.x to 4.2.2 may allow local script authors to bypass safe mode restrictions and modify command line arguments to the MTA such as sendmail in the 5th argument to mail, altering MTA...

7.5CVSS6.4AI score0.03039EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2002/11/08 11:15 a.m.3 views

security flaw

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

5CVSS5.9AI score0.03039EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2002/11/08 11:15 a.m.10 views

security flaw

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

5CVSS5.9AI score0.03039EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2002/11/07 5:42 p.m.6 views

security flaw

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

5CVSS5.9AI score0.03039EPSS
Exploits0References4
NVD
NVD
added 2002/09/24 4:0 a.m.17 views

CVE-2002-0986

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...

5CVSS6.6AI score0.03039EPSS
Exploits0References17
CERT
CERT
added 2002/09/16 12:0 a.m.13 views

PHP fails to filter ASCII control characters from string arguments of mail() function

Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...

6.5AI score
Exploits0References2
NVD
NVD
added 2002/08/12 4:0 a.m.18 views

CVE-2002-0757

1 Webmin 0.96 and 2 Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID...

7.5CVSS7.4AI score0.01851EPSS
Exploits1References4
Cvelist
Cvelist
added 2002/07/26 4:0 a.m.25 views

CVE-2002-0757

1 Webmin 0.96 and 2 Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID...

7.3AI score0.01851EPSS
Exploits1References4
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.25 views

CVE-2001-1070

Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters...

6.7AI score0.00848EPSS
Exploits1References3
CVE
CVE
added 2002/02/02 5:0 a.m.53 views

CVE-2001-1070

Sage Software MAS 200 is affected by CVE-2001-1070, where a remote attacker can trigger a denial-of-service by connecting to port 10000 and sending a sequence of control characters. The vulnerability is described as impacting availability (partial impact) with no confidentiality or integrity impa...

2.1CVSS7.1AI score0.00848EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2001/12/31 5:0 a.m.29 views

CVE-2001-1556

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep...

5CVSS6.5AI score0.03564EPSS
Exploits0References3
Rows per page
Query Builder