Lucene search
K

1301 matches found

Tenable Nessus
Tenable Nessus
added 2004/10/02 12:0 a.m.26 views

Mandrake Linux Security Advisory : samba (MDKSA-2004:104)

Karol Wiesek discovered a bug in the input validation routines used to convert DOS path names to path names on the Samba host's file system. This bug can be exploited to gain access to files outside of the share's path as defined in the smb.conf configuration file. This vulnerability exists in al...

7.5CVSS5.3AI score0.04887EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2004/09/17 12:0 a.m.30 views

Fedora Core 2 : apr-util-0.9.4-14.2 (2004-308)

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

5CVSS5.5AI score0.21769EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/17 12:0 a.m.43 views

Fedora Core 1 : apr-util-0.9.4-2.1 (2004-307)

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

5CVSS5.5AI score0.21769EPSS
Exploits0References2
securityvulns
securityvulns
added 2004/09/16 12:0 a.m.79 views

[ANNOUNCE] Apache HTTP Server 2.0.51 Released

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.51 of the Apache HTTP Server "Apache". This Announcement notes the significant changes in 2.0.51 as compared to 2.0.50. This versi...

5CVSS0.3AI score0.69653EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2004/09/16 12:0 a.m.48 views

Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)

According to its Server response header, the remote host is running a version of Apache 2.0.x prior to 2.0.51. It is, therefore, affected by multiple vulnerabilities : - An input validation issue in apr-util can be triggered by malformed IPv6 literal addresses and result in a buffer overflow...

7.8CVSS5.9AI score0.69653EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2004/09/15 3:20 p.m.54 views

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that include fixes for security issues are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Four issues have been discovered affecting releases of the Apache HTTP 2.0 Server, up to and including version 2.0.50:...

7.8CVSS6.5AI score0.69653EPSS
Exploits1References4
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.20 views

CVE-2002-1477

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode...

7.2AI score0.02284EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.25 views

GLSA-200408-07 : Horde-IMP: Input validation vulnerability for Internet Explorer users

The remote host is affected by the vulnerability described in GLSA-200408-07 Horde-IMP: Input validation vulnerability for Internet Explorer users Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer...

4.3CVSS6.1AI score0.01208EPSS
Exploits0References4
securityvulns
securityvulns
added 2004/08/25 12:0 a.m.21 views

JShop Input Validation Hole in &#39;page.php&#39; Permits Cross-Site Scripting Attacks

Indonesia Security Development Team Indohack http://indohack.sourceforge.net/drponidi =========================================================================== Security Advisory Advisory Name: JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks Platform: Linux Any, UN...

0.7AI score
Exploits0
Apache Httpd
Apache Httpd
added 2004/08/25 12:0 a.m.57 views

Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

5CVSS1.2AI score0.21769EPSS
Exploits0Affected Software1
CERT
CERT
added 2004/08/13 12:0 a.m.23 views

JetboxOne may allow unauthorized users to execute arbitrary code

Overview Lack of input validation in JetboxOne version 2.0.8 allows an user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...

7.9AI score
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2004/08/10 12:0 a.m.35 views

Horde-IMP: Input validation vulnerability for Internet Explorer users

Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...

4.3CVSS0.5AI score0.01208EPSS
Exploits0
exploitpack
exploitpack
added 2004/07/30 12:0 a.m.15 views

myServer 0.6.2 - math_sum.mscgi Multiple Remote Overflows

myServer 0.6.2 - mathsum.mscgi Multiple Remote Overflows source: https://www.securityfocus.com/bid/10831/info Reportedly MyServer is affected by multiple remote vulnerabilities in the 'mathsum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly...

0.3AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/16 12:0 a.m.38 views

Horde-IMP: Input validation vulnerability

Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact By enticing a user to read a specially crafted...

6.8CVSS6.8AI score0.0134EPSS
Exploits0
securityvulns
securityvulns
added 2004/05/13 12:0 a.m.26 views

[Full-Disclosure] iDEFENSE Security Advisory 05.12.04: Opera Telnet URI Handler File Creation/Truncation Vulnerability

Opera Telnet URI Handler File Creation/Truncation Vulnerability iDEFENSE Security Advisory 05.12.04 www.idefense.com/application/poi/display?id=104&type=vulnerabilities May 12, 2004 I. BACKGROUND Opera is a cross-platform web browser. More information is available from http://www.opera.com/ II...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2004/05/13 12:0 a.m.19 views

Re: [Full-Disclosure] iDEFENSE Security Advisory 05.12.04: Opera Telnet URI Handler File Creation/Truncation Vulnerability

Another minor issue has also been corrected in Opera Browser version 7.50, allowing malicious websites to spoof the address bar. The solutions remains the same, therefore no need to paste our full advisory here. However, if you wish further details, they can be found at:...

Exploits0
Cvelist
Cvelist
added 2003/12/11 5:0 a.m.18 views

CVE-2003-0979

FreeScripts VisitorBook LE visitorbook.pl does not properly escape line breaks in input, which allows remote attackers to 1 use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or 2 cause the guestbook database to be deleted via a large number of line...

6.6AI score0.01041EPSS
Exploits0References2
exploitpack
exploitpack
added 2003/11/17 12:0 a.m.21 views

Koch Roland Rolis Guestbook 1.0 - $path Remote File Inclusion

Koch Roland Rolis Guestbook 1.0 - $path Remote File Inclusion source: https://www.securityfocus.com/bid/9054/info It has been reported that Rolis Guestbook may be vulnerable to an input validation issue that may allow an attacker to include malicious files containing arbitrary code to be executed...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2003/09/29 12:0 a.m.32 views

GuppY 2.4 - HTML Injection

source: https://www.securityfocus.com/bid/8717/info It has been reported that one of the scripts included with GuppY is vulnerable to an HTML injection attack. The script, "postguest.php", does not perform input validation to prevent the inclusion of HTML/script content in messages posted to the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/09/01 12:0 a.m.26 views

[Full-Disclosure] XSS in ezboard

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue : Cross site scripting in ezboard Vendor status : developers were contacted ezboard offers a free forum hosted at ... bla ... bla ... improper input validation .. bla ... bla ... script or HTML execution ... bla ... bla sorry but I don't have ti...

6.8AI score
Exploits0
Rows per page
Query Builder