3212 matches found

Cvelist
added 2010/01/13 8:0 p.m. · 31 views

CVE-2009-4487

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

AI score 7.6 · EPSS 0.017
Exploits 2 · References 3

CVE
added 2010/01/13 8:0 p.m. · 69 views

CVE-2009-4488

Varnish 2.0.6 is affected by CVE-2009-4488: it writes to a log file without sanitizing non-printable characters, which could let remote attackers modify a window title or potentially execute arbitrary commands or overwrite files via an HTTP request containing an escape sequence for a terminal emu...

CVSS 9.8 · AI score 7.7 · EPSS 0.0192
Exploits 2 · References 3 · Affected Software 1

Cvelist
added 2010/01/13 8:0 p.m. · 18 views

CVE-2009-4494

AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

AI score 7.7 · EPSS 0.03577
Exploits 2 · References 3

Positive Technologies
added 2010/01/13 12:0 a.m. · 5 views

PT-2010-1346 · Varnish +1

Name of the Vulnerable Software and Affected Versions: Varnish version 2.0.6 Description: The issue arises from Varnish writing data to a log file without sanitizing non-printable characters. This could potentially allow remote attackers to modify a window's title or possibly execute arbitrary...

CVSS 9.8 · AI score 7.9 · EPSS 0.0192
Exploits 2 · References 15

Vulnrichment
added 2010/01/13 12:0 a.m. · 32 views

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

AI score 8 · EPSS 0.02714
Exploits 3 · References 4

Cvelist
added 2010/01/13 12:0 a.m. · 25 views

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

AI score 7.7 · EPSS 0.02714
Exploits 3 · References 4

OpenVAS
added 2010/01/13 12:0 a.m. · 52 views

Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability

Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files.

CVSS 7.5 · AI score 6.1 · EPSS 0.21101
Exploits 2 · References 3

OpenVAS
added 2010/01/13 12:0 a.m. · 88 views

nginx Terminal Escape Sequence in Logs Command Injection Vulnerability

The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx 0.7.64; other versions may also be affected. OpenVAS...

CVSS 5 · EPSS 0.017
Exploits 2 · References 3

Positive Technologies
added 2010/01/13 12:0 a.m. · 5 views

PT-2010-1345

Name of the Vulnerable Software and Affected Versions: nginx version 0.7.64 Description: The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is becaus...

CVSS 6.8 · AI score 7.2 · EPSS 0.017
Exploits 2 · References 13

OpenVAS
added 2010/01/13 12:0 a.m. · 390 views

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

CVSS 9.8 · AI score 6.4 · EPSS 0.04025
Exploits 4 · References 4

securityvulns
added 2010/01/12 12:0 a.m. · 230 views

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Name: Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection. Systems Affected: nginx 0.7.64, Varnish 2.0.6, Cherokee 0.99.30...

CVSS 5 · AI score 8.2 · EPSS 0.2626
Exploits 19

exploitpack
added 2010/01/11 12:0 a.m. · 12 views

Varnish 2.0.6 - Terminal Escape Sequence in Logs Command Injection

source: https://www.securityfocus.com/bid/37713/info
Varnish is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute...

AI score 0.4
Exploits 0

exploitpack
added 2010/01/11 12:0 a.m. · 23 views

BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection

source: https://www.securityfocus.com/bid/37718/info
Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to...

Exploits 0

Exploit DB
added 2010/01/11 12:0 a.m. · 95 views

AOLServer Terminal 4.5.1 - Escape Sequence in Logs Command Injection

source: https://www.securityfocus.com/bid/37712/info
AOLServer is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. AOLServer 4.5.1 is vulnerable; other...

AI score 7.4
Exploits 0

Exploit DB
added 2010/01/11 12:0 a.m. · 148 views

Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection

source: https://www.securityfocus.com/bid/37710/info
Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. Versions prior to the following a...

AI score 7.4
Exploits 0

Exploit DB
added 2010/01/11 12:0 a.m. · 112 views

Nginx 0.7.64 - Terminal Escape Sequence in Logs Command Injection

source: https://www.securityfocus.com/bid/37711/info
The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx...

AI score 7.4
Exploits 0

exploitpack
added 2010/01/11 12:0 a.m. · 12 views

Yaws 1.55 - Logs Terminal Escape Sequence Command Injection

source: https://www.securityfocus.com/bid/37716/info
Yaws is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary comman...

AI score 7.8
Exploits 0

Exploit DB
added 2010/01/11 12:0 a.m. · 26 views

Cherokee 0.99.30 - Terminal Escape Sequence in Logs Command Injection

source: https://www.securityfocus.com/bid/37715/info
Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and prior are...

AI score 7.4
Exploits 0

Prion
added 2009/12/21 4:30 p.m. · 23 views

Cross site scripting

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special...

CVSS 4.3 · AI score 5.5 · EPSS 0.16946
Exploits 2 · References 15 · Affected Software 1

Prion
added 2009/10/26 5:30 p.m. · 20 views

Directory traversal

files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence...

CVSS 5 · AI score 7.2 · EPSS 0.04186
Exploits 2 · References 4 · Affected Software 1