96 matches found
ht://Dig: Cross-site scripting vulnerability
Background: ht://Dig is an HTTP/HTML indexing and searching system. Description: Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks...
htdig -- cross site scripting vulnerability
Michael Krax reports a vulnerability within htdig. The vulnerability lies within an unsanitized config parameter, allowing a malicious attacker to execute arbitrary scripting code on the target's browser. This might allow the attacker to obtain the user's cookies which are associated with the sit...
CVE-2002-2010
Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter...
XSS in HTDIG
Eg; http://www.anyhost.com/cgi-bin/htsearch.cgi?words=223E3Cscript3Ealert28document.cookie293B3C2Fscript3E all URLS must be on one line Apologies if this is a known issue. Apologies also for posting about XSS, too, but this is not an isolated website, but a commonly used service. ===== -----BEGIN...
CVE-2001-0834
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading...
CVE-2001-0834
CVE-2001-0834 affects the htsearch CGI in ht://Dig (htdig)
CVE-2000-1191
CVE-2000-1191 affects htsearch in htDig up to 3.2 beta, 3.1.6, 3.1.5 and earlier. The vulnerability arises when a non-existent configuration file is requested via the config parameter, causing an error message that reveals the server’s full path. This exposes potential information about the serve...
CVE-2000-0208
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks in parameters to htsearch...
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
The 'htsearch' CGI, which is part of the htdig package, allows anyone to read arbitrary files on the target host. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(10105); script_version("1.36"); script_cve_id("CVE-1999-0978...
FreeBSD-SA-00:06.htdig
-----BEGIN PGP SIGNED MESSAGE----- FreeBSD-SA-00:06 Security Advisory FreeBSD, Inc. Topic: htdig port allows remote reading of files Category: ports Module: htdig Announced: 2000-03-01 Affects: Ports collection before...
[SECURITY] New version of htdig released
Package: htdig Vulnerability type: remote exploit Debian-specific: no The version of htdig that was distributed in Debian GNU/Linux 2.1 (aka slink) is vulnerable to a remote attack. There was a vulnerability in the htsearch script that allowed remote users to read any file on the webserver that is...
[SECURITY] New version of htdig released
Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman February 27, 2000 Package: htdig Vulnerability type:...
CVE-1999-0978
CVE-1999-0978 concerns the ht://Dig htsearch CGI in the htdig package. The connected Nessus entry describes an information-disclosure vulnerability where the htsearch CGI allows reading arbitrary files on the target host. The affected component is the htsearch CGI (part of ht://Dig), prior to version 3.1.5...
CVE-1999-0978
htdig allows remote attackers to execute commands via filenames with shell metacharacters...
[SECURITY] New version of htdig released
Package : htdig Vulnerability type: remote exploit Debian-specific : no The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem with calling external programs to handle non-HTML documents: it calls the external program with the document as a parameter, but does not check for...
[SECURITY] New version of htdig released
Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman December 9, 1999 Package : htdig Vulnerability type:...