Lucene search

631 matches found

Cvelist
added 2006/02/24 12:0 a.m. | 19 views

CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers...

AI score: 5.5 | EPSS: 0.02034
Exploits: 0 | References: 20

CVE
added 2006/02/24 12:0 a.m. | 108 views

CVE-2006-0195

CVE-2006-0195 affects SquirrelMail 1.4.0–1.4.5 and is caused by an interpretation conflict in the MagicHTML filter, enabling remote XSS via style sheet specifiers with invalid /* */ comments or a newline in the url specifier. Public advisories and OpenVAS entries reference related fixes; Debian/C...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.02034
Exploits: 0 | References: 20 | Affected Software: 1

Prion
added 2006/02/20 10:2 p.m. | 19 views

Cross site scripting

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...

CVSS: 2.6 | AI score: 5.9 | EPSS: 0.02128
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2006/02/14 7:0 p.m. | 77 views

CVE-2005-3058

Fortinet FortiGate/FortiOS 2.8MR10 and FortiGate v3beta expose a vulnerability where remote attackers can bypass the URL blocker by using HTTP requests terminated with a line feed (LF) instead of CRLF or by requests without a Host header. This interpretation conflict in parsing HTTP requests is t...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.03101
Exploits: 1 | References: 7 | Affected Software: 1

Debian
added 2006/01/27 10:1 a.m. | 30 views

[SECURITY] [DSA 958-1] New drupal packages fix several vulnerabilities

Debian Security Advisory DSA 958-1 [email protected] http://www.debian.org/security/ Martin Schulze January 27th, 2006 http://www.debian.org/security/faq -...

CVSS: 6.4 | AI score: 1.8 | EPSS: 0.0482
Exploits: 0

OSV
added 2006/01/27 12:0 a.m. | 23 views

DSA-958-1 drupal - several

Bulletin has no description...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.0482
Exploits: 0

Tenable Nessus
added 2006/01/15 12:0 a.m. | 46 views

Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1)

A buffer overflow was discovered in the XBM image handler. By tricking a user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges. CAN-2005-2701 Mats Palmgren discovered a buffer overflow in the Unicode string parser...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.10718
Exploits: 0 | References: 8

NVD
added 2005/12/20 11:3 a.m. | 18 views

CVE-2005-4426

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could b...

CVSS: 4 | AI score: 5.6 | EPSS: 0.01101
Exploits: 0 | References: 4

CVE
added 2005/12/20 11:0 a.m. | 78 views

CVE-2005-4426

CVE-2005-4426 involves YaBB before 2.1 where an interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF extension, causing the HTML to execute in Internet Explorer (as described for CVE-2005-3312). The issue is tied to YaBB’s ...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01101
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2005/12/03 7:3 p.m. | 28 views

CVE-2005-3975

Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet...

CVSS: 4 | AI score: 6.1 | EPSS: 0.0482
Exploits: 0 | References: 1

Exploit DB
added 2005/12/01 12:0 a.m. | 19 views

WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting

source: https://www.securityfocus.com/bid/15673/info WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web...

AI score: 7.4
Exploits: 0

exploitpack
added 2005/12/01 12:0 a.m. | 21 views

WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting

WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting source: https://www.securityfocus.com/bid/15673/info WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may...

AI score: 7.4
Exploits: 0

exploitpack
added 2005/11/03 12:0 a.m. | 16 views

PHP Handicapper - Process_signup.php HTTP Response Splitting

PHP Handicapper - Process_signup.php HTTP Response Splitting source: https://www.securityfocus.com/bid/15301/info PHP Handicapper is vulnerable to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker...

AI score: 7.4
Exploits: 0

NVD
added 2005/11/01 12:47 p.m. | 17 views

CVE-2005-3399

Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...

CVSS: 5 | AI score: 6.5 | EPSS: 0.0781
Exploits: 0 | References: 2

NVD
added 2005/11/01 12:47 p.m. | 13 views

CVE-2005-3400

Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01435
Exploits: 0 | References: 2

NVD
added 2005/11/01 12:47 p.m. | 14 views

CVE-2005-3401

Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01654
Exploits: 0 | References: 4

CVE
added 2005/11/01 11:0 a.m. | 62 views

CVE-2005-3400

The CVE-2005-3400 entry describes a vulnerability in Fortinet 2.48.0.0 identified as a multiple interpretation error. The issue allows remote attackers to bypass virus scanning by submitting a file type such as BAT, HTML, or EML that contains an MZ (EXE) magic byte sequence, causing the file to b...

CVSS: 5 | AI score: 6.9 | EPSS: 0.01435
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2005/11/01 11:0 a.m. | 22 views

CVE-2005-3400

Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...

AI score: 6.5 | EPSS: 0.01435
Exploits: 0 | References: 2

Cvelist
added 2005/11/01 11:0 a.m. | 19 views

CVE-2005-3401

Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...

AI score: 6.5 | EPSS: 0.01654
Exploits: 0 | References: 4

CVE
added 2005/11/01 11:0 a.m. | 46 views

CVE-2005-3401

CVE-2005-3401 describes a vulnerability in TheHacker 5.8.4.128 where a multiple interpretation error permits a remote bypass of virus scanning by crafted files (e.g., BAT, HTML, EML) that carry an explicit MZ (EXE) byte sequence. The content can be treated as a safe type while still being executa...

CVSS: 5 | AI score: 6.9 | EPSS: 0.01654
Exploits: 0 | References: 4 | Affected Software: 1