CVE-2007-6110

Cross-site scripting XSS vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter...

CVE-2007-6110

CVE-2007-6110: Cross-site scripting in htsearch (htdig) 3.2.0b6 via the sort parameter. Documented in multiple advisories (RHSA-2007-1095, CESA-2007:1095, ELSA-2007-1095) and vendor-specific updates. Affected products include Red Hat, Oracle Linux, CentOS, Scientific Linux, and Slackware (HTDIG) ...

Unfixed XSS vulnerability at www.aub.edu.lb

Security researcher NoPh0BiA, has submitted on 29/10/2007 a cross-site-scripting XSS vulnerability affecting www.aub.edu.lb, which at the time of submission ranked 56180 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currentl...

Low: Red Hat Bug Fix Advisory: htdig bug fix update

An updated htdig package that fix various bugs is now available. The htdig system is a complete world wide web indexing and searching system for a small domain or intranet. This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Webcrawler and...

security flaw

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...

FreeBSD : htdig -- XSS vulnerability (673aec6f-1cae-11da-bc01-000e0c2e438a)

Michael Krax reports a vulnerability within htdig. The vulnerability lies within an unsanitized config parameter, allowing a malicious attacker to execute arbitrary scripting code on the target's browser. This might allow the attacker to obtain the user's cookies which are associated with the sit...

ht://Dig htsearch.cgi XSS

The SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Ref: Howard Yeend ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.15706";...

ht://Dig's htsearch reveals web server path

ht://Dig SPDX-FileCopyrightText: 2000 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10385";...

Fedora Core 3 : htdig-3.2.0b6-3.FC3.1 (2005-367)

Tue Apr 19 2005 Phil Knirsch 3:3.2.0b6-3.FC3.1 - Fixed security bug with unescaped output in htsearch and qtest 144127 - Removed .la and .a libs from package 145649 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...

CVE-2002-2010

Cross-site scripting XSS vulnerability in htsearch.cgi in htdig ht://Dig 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter...

CVE-2002-2010

CVE-2002-2010: The htsearch.cgi component of ht://Dig (htdig) versions 3.1.5, 3.1.6, and 3.2 is vulnerable to cross-site scripting (XSS) via the words parameter. An attacker can supply crafted input in the words parameter to cause arbitrary web script or HTML to be injected and executed in a vict...

CVE-2005-0085

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

DEBIAN-CVE-2005-0085

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

RHEL 4 : htdig (RHSA-2005:090)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:090 advisory. The ht://Dig system is a Web search and indexing system for a small domain or intranet. Michael Krax reported a cross-site scripting bug affecting...

security flaw

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

Moderate: Red Hat Security Advisory: htdig security update

Updated htdig packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ht://Dig system is a Web search and indexing system for a small domain or intranet. Michael Kr...

[SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 680-1 [email protected] http://www.debian.org/security/ Martin Schulze February 14th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 680-1 [email protected] http://www.debian.org/security/ Martin Schulze February 14th, 2005 http://www.debian.org/security/faq -...

Debian DSA-680-1 : htdig - unsanitised input

Michael Krax discovered a cross site scripting vulnerability in ht://dig, a web search system for an intranet or small internet. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-680. The te...

DSA-680-1 htdig - unsanitised input

Bulletin has no description...