944 matches found
CVE-2005-3704
CVE-2005-3704 describes a vulnerability in Mac OS X and OS X Server versions 10.4 through 10.4.3 where a remote attacker can spoof syslog messages by injecting control characters (e.g., newline) into log files. The description specifies this affects the system log server and enables manipulation ...
CVE-2005-3704
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline NL...
security flaw
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...
Enterasys Vertical Horizon switches backdoor accounts
There is undocumented backdoor account tiger/tiger123, in addition some privileged control character combination are available to unprivileged user from console or telnet session...
DEBIAN-CVE-2004-1488
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...
CVE-2002-0986
CVE-2002-0986 corresponds to a PHP 4.x vulnerability where mail() did not filter ASCII control characters from arguments, allowing remote attackers to modify mail content including headers and potentially use the server as a spam proxy. The OpenVAS entries confirm the issue arises on PHP
CVE-2004-0478
The CVE-2004-0478 entry describes a DoS flaw in Mozilla where JavaScript can trigger an infinite loop that appends input to a form (potentially via control characters such as an embedded ctrl-U), causing high CPU/RAM usage. Affected versions are not precisely specified; the impact is denial of se...
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Westpoint Security Advisory Title: VisitorBook LE Mail Relay and Cross Site Scripting Risk Rating: Moderate Software: FreeScripts VisitorBook LE Platforms: Most Unix Vendor URL: http://www.freescripts.com/ Author: Paul Johnston [email protected] Date: 10th December 2003 Advisory ID: wp-03-000...
Low: Red Hat Security Advisory: apache security update for Stronghold
Updated Apache packages are available which fix a security issue by preventing control characters from being written to the error log. The updated packages also include a minor bug fix for modproxy. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. T...
(RHSA-2002:214) php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. The mail function in PHP 4.x to 4.2.2 may allow local script authors to bypass safe mode restrictions and modify command line arguments to the MTA such as sendmail in the 5th argument to mail, altering MTA...
security flaw
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
security flaw
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
security flaw
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
CVE-2002-0986
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
PHP fails to filter ASCII control characters from string arguments of mail() function
Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...
CVE-2002-0757
1 Webmin 0.96 and 2 Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID...
CVE-2002-0757
1 Webmin 0.96 and 2 Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID...
CVE-2001-1070
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters...
CVE-2001-1070
Sage Software MAS 200 is affected by CVE-2001-1070, where a remote attacker can trigger a denial-of-service by connecting to port 10000 and sending a sequence of control characters. The vulnerability is described as impacting availability (partial impact) with no confidentiality or integrity impa...
CVE-2001-1556
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep...