77 matches found
CVE-2005-0085
Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...
Mandrake Linux Security Advisory : htdig (MDKSA-2005:063)
A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security...
CVE-2005-0085
Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...
CVE-2005-0085
The CVE-2005-0085 entry concerns ht://dig (htdig) prior to version 3.1.6-r7, which is vulnerable to cross-site scripting (XSS). The root cause is that the config parameter is not properly sanitized before being displayed in an error message, allowing a remote attacker to trigger arbitrary web scr...
CVE-2005-0085
Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...
[Full-Disclosure] [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability
Gentoo Linux Security Advisory GLSA 200502-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
ht://Dig HTTP indexing and searching system crossite scripting
Crossite scripting vulnerability during error message generation...
GLSA-200502-16 : ht://Dig: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-16 ht://Dig: XSS vulnerability Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct...
ht://Dig config Parameter XSS
Binary data 2592.prm...
ht://Dig htsearch.cgi words Parameter XSS
The 'htsearch' CGI, which is part of the ht://Dig package, is vulnerable to cross-site scripting attacks, through the 'words' variable. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. %NASLMINLEVEL 70300 C Tenable Network Security, In...
CVE-2004-0068
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relativescriptpath parameter to reference a URL on a remote web server that contains the code...
Mandrake Linux Security Advisory : htdig (MDKSA-2001:083)
A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch that allows a remote user to pass the -c parameter, to use a specific config file, to the htsearch program when running as a CGI. A malicious user could point to a file like...
[SECURITY] [DSA 080-1] New ht://Dig packages fix vulnerability
---------------------------------------------------------------------------- Debian Security Advisory DSA 080-1 [email protected] http://www.debian.org/security/ Martin Schulze October 17th, 2001 - ---------------------------------------------------------------------------- Package : htdig...
Проблемы в ht://Dig (input validation)
Отсутствие проверки ввода пользователя позволяет задать конфигурационный файл...
CVE-2000-0208
The CVE-2000-0208 issue affects the htsearch CGI in the htdig/ht://Dig package. Affected component is the htsearch CGI; the root cause is that parameters to htsearch can be crafted with backticks to cause remote reading of arbitrary files, enabling information disclosure. Impact per sources is pa...
htdig.txt
software: ht://Dig URL: http://www.htdig.org/ Version: 3.1.4, 3.2.0b1 and previous Platforms: Unix, Win32, MacOS, Mac OS X Server Type: CGI, Input validation problem Vendor status: Notified, patch already available Date: 02/28/2000 Summary: Any remote user can view arbitrary files on your system...
[SECURITY] New version of bind fixes buffer overflows
We have received reports that the nslookup and dig utilities as shipped with current distribution of Linux contain possible buffer overflows. We recommend you upgrade your bind package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian...