Lucene search
K

77 matches found

NVD
NVD
added 2005/04/27 4:0 a.m.19 views

CVE-2005-0085

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

6.8CVSS5.8AI score0.02273EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2005/04/01 12:0 a.m.18 views

Mandrake Linux Security Advisory : htdig (MDKSA-2005:063)

A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security...

6.8CVSS5AI score0.02273EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/02/15 5:0 a.m.19 views

CVE-2005-0085

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

5.7AI score0.02273EPSS
Exploits0References18
CVE
CVE
added 2005/02/15 5:0 a.m.86 views

CVE-2005-0085

The CVE-2005-0085 entry concerns ht://dig (htdig) prior to version 3.1.6-r7, which is vulnerable to cross-site scripting (XSS). The root cause is that the config parameter is not properly sanitized before being displayed in an error message, allowing a remote attacker to trigger arbitrary web scr...

6.8CVSS5.7AI score0.02273EPSS
Exploits0References18Affected Software1
Debian CVE
Debian CVE
added 2005/02/15 5:0 a.m.28 views

CVE-2005-0085

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

6.8CVSS6AI score0.02273EPSS
Exploits0
securityvulns
securityvulns
added 2005/02/14 12:0 a.m.29 views

[Full-Disclosure] [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability

Gentoo Linux Security Advisory GLSA 200502-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

6.8CVSS5.3AI score0.02273EPSS
Exploits0
securityvulns
securityvulns
added 2005/02/14 12:0 a.m.48 views

ht://Dig HTTP indexing and searching system crossite scripting

Crossite scripting vulnerability during error message generation...

0.3AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.42 views

GLSA-200502-16 : ht://Dig: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200502-16 ht://Dig: XSS vulnerability Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct...

6.8CVSS5.6AI score0.02273EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/02/04 12:0 a.m.28 views

ht://Dig config Parameter XSS

Binary data 2592.prm...

6.8CVSS7.3AI score0.02273EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/11/13 12:0 a.m.63 views

ht://Dig htsearch.cgi words Parameter XSS

The 'htsearch' CGI, which is part of the ht://Dig package, is vulnerable to cross-site scripting attacks, through the 'words' variable. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. %NASLMINLEVEL 70300 C Tenable Network Security, In...

4.3CVSS5.3AI score0.01242EPSS
Exploits1References2
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.14 views

CVE-2004-0068

PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relativescriptpath parameter to reference a URL on a remote web server that contains the code...

7.6AI score0.01504EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.23 views

Mandrake Linux Security Advisory : htdig (MDKSA-2001:083)

A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch that allows a remote user to pass the -c parameter, to use a specific config file, to the htsearch program when running as a CGI. A malicious user could point to a file like...

6.4CVSS5.5AI score0.02635EPSS
Exploits0References2
Debian
Debian
added 2001/10/17 6:13 a.m.49 views

[SECURITY] [DSA 080-1] New ht://Dig packages fix vulnerability

---------------------------------------------------------------------------- Debian Security Advisory DSA 080-1 [email protected] http://www.debian.org/security/ Martin Schulze October 17th, 2001 - ---------------------------------------------------------------------------- Package : htdig...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2001/10/09 12:0 a.m.46 views

Проблемы в ht://Dig (input validation)

Отсутствие проверки ввода пользователя позволяет задать конфигурационный файл...

0.1AI score
Exploits0References1
CVE
CVE
added 2000/04/10 4:0 a.m.84 views

CVE-2000-0208

The CVE-2000-0208 issue affects the htsearch CGI in the htdig/ht://Dig package. Affected component is the htsearch CGI; the root cause is that parameters to htsearch can be crafted with backticks to cause remote reading of arbitrary files, enabling information disclosure. Impact per sources is pa...

5CVSS6.7AI score0.05836EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2000/03/01 12:0 a.m.28 views

htdig.txt

software: ht://Dig URL: http://www.htdig.org/ Version: 3.1.4, 3.2.0b1 and previous Platforms: Unix, Win32, MacOS, Mac OS X Server Type: CGI, Input validation problem Vendor status: Notified, patch already available Date: 02/28/2000 Summary: Any remote user can view arbitrary files on your system...

7.4AI score
Exploits0
Debian
Debian
added 1998/09/05 12:0 a.m.12 views

[SECURITY] New version of bind fixes buffer overflows

We have received reports that the nslookup and dig utilities as shipped with current distribution of Linux contain possible buffer overflows. We recommend you upgrade your bind package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian...

2.5AI score
Exploits0
Rows per page
Query Builder