Lucene search

1237 matches found

seebug.org
added 2009/11/27 12:0 a.m. | 119 views

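nginx ngx_http_process_request_headers() function NULL pointer dereference denial-of-service vulnerability

BUGTRAQ ID: 36839 CVE(CAN) ID: CVE-2009-3896 nginx is a multi-platform HTTP server and mail proxy server. A NULL pointer dereference error exists in the ngx_http_process_request_headers function in the src/http/ngx_http_parse.c file of the nginx server. A remote attacker can trigger this vulnerability with an overly long URI, causing the worker process to crash. Igor Sysoev nginx 0.8.x Igor Sysoev nginx 0.7.x Igor Sysoev nginx 0.6.x Igor Sysoev nginx 0.5.x Igor Sysoev nginx...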

5 CVSS | 0.1 AI score | 0.10181 EPSS
Exploits: 2

Tenable Nessus
added 2009/09/24 12:0 a.m. | 14 views

SuSE9 Security Update : permissions and filesystem (YOU Patch Number 10539)

It is technically impossible to change permissions of files in world writeable directories that don't have the sticky bit set in a secure way. This update therefore removes /var/lib/xmcd/discog from /etc/permissions. Furthermore permissions handling of files below /var/games is removed. To be abl...

5.5 AI score
Exploits: 0

Tenable Nessus
added 2009/09/24 12:0 a.m. | 15 views

SuSE9 Security Update : permissions (YOU Patch Number 10815)

It is technically impossible to change permissions of files in world writeable directories that don't have the sticky bit set in a secure way. This update therefore removes /var/lib/xmcd/discog from /etc/permissions. Furthermore permissions handling of files below /var/games is removed. To be abl...

5.5 AI score
Exploits: 0

seebug.org
added 2009/09/08 12:0 a.m. | 22 views

MySQL COM_TABLE_DUMP Information Leakage and Arbitrary Command Execution

No description provided by source. / April 21.st 2006 myexploit.c MySql COMTABLEDUMP Memory Leak & MySql remote B0f MySql = 5.0.20 MySql COMTABLEDUMP Memory Leak MySql = 4.x.x copyright 2006 Stefano Di Paola stefano.dipaolaatwisec.it GPL 2.0 Disclaimer: In no event shall the author be liable for...

7.1 AI score
Exploits: 0

OpenVAS
added 2009/06/16 12:0 a.m. | 37 views

Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)

The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...

9.3 CVSS | 0.7 AI score | 0.09282 EPSS
Exploits: 7 | References: 8

NVD
added 2009/04/30 8:30 p.m. | 18 views

CVE-2009-1434

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...

6.8 CVSS | 7 AI score | 0.00672 EPSS
Exploits: 0 | References: 6

UbuntuCve
added 2009/04/30 8:30 p.m. | 24 views

CVE-2009-1339

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...

6 CVSS | 5.9 AI score | 0.00786 EPSS
Exploits: 1 | References: 2

Prion
added 2009/04/30 8:30 p.m. | 16 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...

6.8 CVSS | 7.3 AI score | 0.00786 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2009/04/30 8:0 p.m. | 28 views

CVE-2009-1434

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...

7 AI score | 0.00672 EPSS
Exploits: 0 | References: 6

ATTACKERKB
added 2009/04/09 3:8 p.m. | 4 views

CVE-2007-6726

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xipclient.html and (2) xipserver.html in src/io/...

4.3 CVSS | 5.4 AI score | 0.03447 EPSS
Exploits: 0 | References: 7

securityvulns
added 2009/01/14 12:0 a.m. | 18 views

KDE Konqueror DoS

Memory exhaustion on oversized SRC and HREF parameters...

3.1 AI score
Exploits: 0 | Affected Software: 1

NVD
added 2008/12/30 8:30 p.m. | 18 views

CVE-2008-5761

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord...

4.3 CVSS | 6 AI score | 0.01735 EPSS
Exploits: 1 | References: 7

Prion
added 2008/12/30 8:30 p.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord...

4.3 CVSS | 6.3 AI score | 0.01735 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2008/12/30 8:0 p.m. | 51 views

CVE-2008-5761

CVE-2008-5761 affects FlatnuX CMS (aka Flatnuke3). The provided documents describe multiple cross-site scripting (XSS) vulnerabilities: (1) via the mod parameter in the default URI, (2) via the foto parameter to photo.php in the 05_Foto module, and (3) via the name parameter in an insertrecord ac...

4.3 CVSS | 6 AI score | 0.01735 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2008/12/22 3:0 p.m. | 24 views

CVE-2008-5706

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file...

6.1 AI score | 0.00789 EPSS
Exploits: 1 | References: 5

Saint
added 2008/12/11 12:0 a.m. | 27 views

Internet Explorer embed tag src extension buffer overflow

Added: 12/11/2008. CVE: CVE-2008-4261. BID: 32595. OSVDB: 50610. Background: The HTML embed tag allows developers to embed plug-ins in web pages. Problem: A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a...

9.3 CVSS | 6.2 AI score | 0.29709 EPSS
Exploits: 4

NVD
added 2008/12/10 6:44 a.m. | 12 views

CVE-2008-5402

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...

10 CVSS | 7.5 AI score | 0.07049 EPSS
Exploits: 0 | References: 10

Prion
added 2008/12/10 6:44 a.m. | 14 views

Double free

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...

10 CVSS | 7.9 AI score | 0.07049 EPSS
Exploits: 0 | References: 10 | Affected Software: 2

CVE
added 2008/12/09 11:0 a.m. | 52 views

CVE-2008-5402

Trillian has a CVE-2008-5402 vulnerability: a double-free in the XML parser before version 3.1.12.0 can enable remote code execution via crafted XML (notably the IMG SRC ID payload). Public sources (ZDI-08-078, OpenVAS entries, and NVD record) corroborate a remote memory corruption/ARiC condition...

10 CVSS | 7.5 AI score | 0.07049 EPSS
Exploits: 0 | References: 10 | Affected Software: 4

Prion
added 2008/12/03 5:30 p.m. | 17 views

Buffer overflow

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than...

10 CVSS | 6.6 AI score | 0.07928 EPSS
Exploits: 2 | References: 8 | Affected Software: 2