Lucene search
K

109 matches found

myhack58
myhack58
added 2009/05/06 12:0 a.m.19 views

Scotty traceless analysis of the hackers to avoid detection of the means-vulnerability warning-the black bar safety net

Hacker's clever is not just that they know how to invadeServer, but also that they know how to disguise their attacks. Malicious attackers will use a variety of escape means to allow yourself to not be detected, so as system administrator, should also be aware of these means to cope with the...

0.2AI score
Exploits0
NVD
NVD
added 2007/12/17 6:46 p.m.36 views

CVE-2007-6405

Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...

6.4CVSS6.6AI score0.02675EPSS
Exploits1References7
OSV
OSV
added 2007/11/15 12:46 a.m.2 views

DEBIAN-CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

3.5CVSS5.7AI score0.0125EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2007/11/15 12:46 a.m.29 views

CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

3.5CVSS6AI score0.0125EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2007/11/15 12:0 a.m.63 views

CVE-2007-5977

Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...

3.5CVSS5.3AI score0.0125EPSS
Exploits1
Cvelist
Cvelist
added 2007/11/01 5:0 p.m.20 views

CVE-2002-2409

Photon microGUI in QNX Neutrino realtime operating system RTOS 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID...

6.2AI score0.00709EPSS
Exploits0References3
CVE
CVE
added 2007/10/20 10:0 a.m.40 views

CVE-2003-1427

Affected product: Netgear FM114P (firmware 1.4) web configuration interface. Vulnerability: Directory traversal via a hex-encoded (../../ )../ in the port parameter, allowing remote attackers to read arbitrary files (e.g., netgear.cfg). Root cause: Insufficient validation of the port parameter en...

6.4CVSS7.1AI score0.02808EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2007/07/11 11:30 p.m.20 views

CVE-2007-3701

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' slash character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack...

7.5CVSS6.7AI score0.08482EPSS
Exploits1References10
Prion
Prion
added 2007/07/11 11:30 p.m.21 views

Code injection

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' slash character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack...

7.5CVSS7.2AI score0.08482EPSS
Exploits1References10Affected Software2
Cvelist
Cvelist
added 2007/07/11 11:0 p.m.22 views

CVE-2007-3701

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' slash character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack...

6.7AI score0.08482EPSS
Exploits1References10
NVD
NVD
added 2006/07/31 9:4 p.m.14 views

CVE-2006-3929

Cross-site scripting XSS vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40PT.0b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter...

4.3CVSS5.7AI score0.03357EPSS
Exploits2References9
Prion
Prion
added 2006/04/11 11:2 p.m.16 views

Crlf injection

CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter...

7.5CVSS7.4AI score0.02624EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2006/04/11 11:0 p.m.42 views

CVE-2006-1714

CVE-2006-1714 is a CRLF injection vulnerability in the phpMyForum 4.0 index.php file. The issue allows remote attackers to inject HTTP headers by sending hex-encoded CRLF sequences through the type parameter, enabling header manipulation. The affected component is the index.php handler of Christo...

7.5CVSS6.9AI score0.02624EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2006/04/11 11:0 p.m.22 views

CVE-2006-1714

CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter...

6.9AI score0.02624EPSS
Exploits1References4
NVD
NVD
added 2005/12/15 11:3 a.m.13 views

CVE-2005-4255

Cross-site scripting XSS vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter...

4.3CVSS5.7AI score0.01752EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/12/15 11:0 a.m.22 views

CVE-2005-4255

Cross-site scripting XSS vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter...

5.7AI score0.01752EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2005/11/29 9:3 p.m.30 views

CVE-2005-3894

Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...

4.3CVSS6AI score0.06254EPSS
Exploits1References1
NVD
NVD
added 2005/11/29 11:3 a.m.14 views

CVE-2005-3869

Cross-site scripting XSS vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter...

4.3CVSS5.6AI score0.02518EPSS
Exploits0References6
Cvelist
Cvelist
added 2005/11/27 11:0 a.m.22 views

CVE-2005-3850

Cross-site scripting XSS vulnerability in search.asp in Online Knowledge Base System OKBSYS Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter...

5.7AI score0.01177EPSS
Exploits0References5
NVD
NVD
added 2005/11/03 10:2 p.m.14 views

CVE-2005-3484

Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions such as ZIP, AVI, JPG, TXT, and HTML via ".." and hex-encoded 1 slash "/" "%2f" or 2 backslash "" "%5c" sequences...

5CVSS6.8AI score0.01769EPSS
Exploits1References5
Rows per page
Query Builder