Lucene search
K

106 matches found

Vulnerability Lab
Vulnerability Lab
added 2014/09/23 12:0 a.m.46 views

PayPal Inc BB #59 - Persistent Mail Encoding Vulnerability

Document Title: =============== PayPal Inc BB 59 - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=844 PayPal Security UID: CabdfGa Release Date: ============= 2014-09-23 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
Prion
Prion
added 2014/06/09 7:55 p.m.12 views

Design/Logic Flaw

LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file...

2.1CVSS6.8AI score0.00482EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2013/08/14 11:10 a.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."...

4.3CVSS6AI score0.11469EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/07/10 1:0 a.m.62 views

CVE-2013-3166

CVE-2013-3166 is an XSS vulnerability in Microsoft Internet Explorer (IE6–IE10) that arises from incorrect auto‑selection of the Shift JIS encoding, enabling remote script/HTML execution via cross‑domain scrolling events. The issue is documented as the Shift JIS Character Encoding Vulnerability a...

4.3CVSS5.4AI score0.16319EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2012/11/27 3:35 p.m.3 views

Improper Handling of Alternate Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Alternate Encoding via boost::locale::utf::utftraits in the /boost/locale/utf.hpp, which does not properly detect certain invalid UTF-8 sequences. A remote attacker can bypass input validation protection mechanisms...

6.9CVSS7.1AI score0.0287EPSS
Exploits0References2
Prion
Prion
added 2012/06/12 10:55 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."...

4.3CVSS6AI score0.06355EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2011/08/10 9:55 p.m.23 views

Design/Logic Flaw

Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different 1 domain or 2 zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."...

4.3CVSS6.8AI score0.13284EPSS
Exploits1References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/15 9:20 a.m.2 views

Internet Explorer vulnerable to cross-site scripting

Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific ISO-2022-JP encoded characters, which may result in cross-site...

4.3CVSS5.8AI score0.13615EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2010/08/25 2:38 p.m.71 views

USN-976-1: Tomcat vulnerability

It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests...

6.4CVSS5.7AI score0.54779EPSS
Exploits2
myhack58
myhack58
added 2009/10/12 12:0 a.m.21 views

dedecms(plus/feedback_js.php)injection vulnerability-vulnerability warning-the black bar safety net

Found by:Rainy'Fox&St0p Team:two fat network securityhttp://bbs.erpangzi.com Affected version: dedecms GBK 5.1 Vulnerability description: 文件 :plus/feedbackjs.php ifempty$arcID $row = $dlist-dsql-GetOne"Select id From @cachefeedbackurl where url='$arcurl' "; ifisarray$row $urlindex = $row'id'; Get...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2009/03/19 12:0 a.m.161 views

PostgreSQL转换编码远程拒绝服务漏洞

BUGTRAQ ID: 34090 CVECAN ID: CVE-2009-0922 PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL处理转换编码时存在栈溢出漏洞,通过认证的用户可以通过提交特制的SQL查询请求在一段时间期间杀死到PostgreSQL服务器的连接,中断其他用户和客户端的事务处理。 PostgreSQL 8.3.6 厂商补丁: PostgreSQL ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.postgresql.org =cut=...

4CVSS7.5AI score0.10242EPSS
Exploits2
myhack58
myhack58
added 2008/07/11 12:0 a.m.192 views

php escapeshellcmd multibyte encoding vulnerability analysis and extension-a vulnerability warning-the black bar safety net

漏洞 公告 在 http://www.sektioneins.de/advisories/SE-2008-03.txt PHP 5 = 5.2.5 PHP 4 = 4.4.8 Some allow as GBK, EUC-KR, SJIS, etc. wide byte character set systems may be affected by this impact, the impact is still very large, the domestic virtual host should be the pass to kill, in testing this...

7.9AI score
Exploits0
OSV
OSV
added 2008/06/02 9:30 p.m.5 views

CVE-2008-1036

The International Components for Unicode ICU library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting XS...

5.3AI score
Exploits0References17
myhack58
myhack58
added 2008/04/02 12:0 a.m.31 views

Common left the back door approach-vulnerability warning-the black bar safety net

For us such a dish hand, finally got the servers is not easy, if it is found it miserable. In fact, the open back door methods there are many, below I to talk, I've learned of several ways. 1. Setuid cp /bin/sh /tmp/. root chmod u-s /tmp/. root Add suid bit to the shell on, although very simple,...

7.6AI score
Exploits0
OSV
OSV
added 2006/05/30 7:2 p.m.10 views

CVE-2006-2659

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service CPU consumption via unknown vectors involving usernames that contain the "=" equals character, which is not properly handled during encoding...

6.1AI score
Exploits0References13
NVD
NVD
added 2006/05/30 7:2 p.m.12 views

CVE-2006-2659

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service CPU consumption via unknown vectors involving usernames that contain the "=" equals character, which is not properly handled during encoding...

7.8CVSS6.1AI score0.024EPSS
Exploits0References13
FreeBSD
FreeBSD
added 2006/05/11 12:0 a.m.32 views

postgresql -- encoding based SQL injection

The PostgreSQL development team reports: An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands in...

7.4AI score
Exploits0References1
Cvelist
Cvelist
added 2004/12/10 5:0 a.m.31 views

CVE-2004-1165

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command...

7.2AI score0.04437EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.14 views

Squid < 2.5.STABLE5 %xx URL Encoding ACL Bypass

Binary data 1212.prm...

7.5CVSS7.3AI score0.13809EPSS
Exploits1References3
NVD
NVD
added 2002/12/31 5:0 a.m.11 views

CVE-2002-2145

Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space %20 and a '.' %2e at the end of the filename...

7.5CVSS7.1AI score0.07653EPSS
Exploits1References3
Rows per page
Query Builder