Lucene search
K

31 matches found

Tenable Nessus
Tenable Nessus
added 2013/06/28 12:0 a.m.36 views

Mandriva Linux Security Advisory : curl (MDVSA-2013:180)

A vulnerability has been discovered and corrected in curl : libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations...

6.8CVSS6.8AI score0.11118EPSS
Exploits2References2
Mageia
Mageia
added 2013/06/26 6:44 p.m.39 views

Updated curl packages fix CVE-2013-2174

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...

6.8CVSS1.3AI score0.11118EPSS
Exploits2References2
FreeBSD
FreeBSD
added 2013/06/22 12:0 a.m.31 views

cURL library -- heap corruption in curl_easy_unescape

cURL developers report: libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal...

6.8CVSS6.4AI score0.11118EPSS
Exploits2References1
OSV
OSV
added 2007/07/24 12:30 a.m.3 views

DEBIAN-CVE-2007-3946

modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...

6.4CVSS6.8AI score0.03422EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2007/07/24 12:30 a.m.30 views

CVE-2007-3946

modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...

6.4CVSS6AI score0.03422EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2006/12/15 10:28 p.m.28 views

CVE-2006-6600

Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...

6CVSS6.1AI score0.00974EPSS
Exploits1References1
NVD
NVD
added 2006/12/15 10:28 p.m.17 views

CVE-2006-6600

Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...

6CVSS5.7AI score0.00974EPSS
Exploits1References2
CVE
CVE
added 2006/12/15 10:0 p.m.54 views

CVE-2006-6600

CVE-2006-6600 describes a Cross-site Scripting (XSS) vulnerability in TorrentFlux 2.2, specifically in dir.php, where remote attackers can inject arbitrary web script or HTML through double URL-encoded strings in the dir parameter. This is linked to CVE-2006-5609. The provided sources confirm the...

6CVSS5.7AI score0.00974EPSS
Exploits1References2Affected Software1
Ubuntu
Ubuntu
added 2006/05/29 5:36 p.m.44 views

USN-288-1: PostgreSQL server/client vulnerabilities

CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques such as replacing a single quote '''''''...

7.5CVSS6AI score0.02792EPSS
Exploits0References1
exploitpack
exploitpack
added 2000/02/08 12:0 a.m.24 views

Zeus Web Server 3.x - Null Terminated Strings

Zeus Web Server 3.x - Null Terminated Strings source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2000/01/12 12:0 a.m.57 views

altavista.txt

hola, more bugs in the AV-Search thing .. using uri-encoded strings it is possible to view "any" file on the system .. examples: unixxxsss ... http://server:port/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd or on an micro$oft IIS...

7.4AI score
Exploits0
Rows per page
Query Builder