Lucene search
+L

119 matches found

Cvelist
Cvelist
added 2016/10/03 3:0 p.m.49 views

CVE-2016-5180

Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot...

9.9AI score0.08583EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2016/10/03 12:0 a.m.29 views

CVE-2016-5180

Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot...

9.8CVSS7.4AI score0.08583EPSS
Exploits0References3
OSV
OSV
added 2016/10/03 12:0 a.m.4 views

UBUNTU-CVE-2016-5180

Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot...

9.8CVSS7.4AI score0.08583EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2016/09/29 4:47 p.m.40 views

CVE-2016-5180

A vulnerability was found in c-ares. A hostname with an escaped trailing dot such as "hello\." would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could...

9.8CVSS1.6AI score0.08583EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/06/25 8:9 a.m.5 views

chromium-browser: Normalization error in HSTS/HPKP preload list

The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...

4.3CVSS7.4AI score0.01758EPSS
Exploits0References5
OSV
OSV
added 2015/02/25 12:0 a.m.4 views

UBUNTU-CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS6.9AI score0.01052EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2013/10/09 2:54 p.m.8 views

CVE-2013-5576

administrator/components/commedia/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . dot...

6.8CVSS5.6AI score0.48191EPSS
Exploits5References13
w3af
w3af
added 2013/06/10 11:2 p.m.31 views

domain_dot

This plugin finds misconfigurations in the virtual host settings by sending a specially crafted request with a trailing dot in the domain name. For example, if the input for this plugin is http://host.tld/ , the plugin will perform a request to http://host.tld./ . In some misconfigurations, the...

0.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2011/06/21 10:42 p.m.7 views

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS7.4AI score0.01777EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/06/21 10:39 p.m.7 views

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS7.4AI score0.01777EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/06/21 10:25 p.m.7 views

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS7.4AI score0.01777EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2009/02/05 12:0 a.m.26 views

NaviCOPA Trailing Dot Source Code Disclosure

The version of the NaviCOPA web server software running on the remote host returns the source of scripts hosted on it if the URL ends in a dot '.'. A remote attacker can leverage this issue to view the source code of CGIs and possibly obtain passwords and other sensitive information from this hos...

5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2007/10/29 7:0 p.m.22 views

CVE-2002-2351

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." dot...

7.7AI score0.02645EPSS
Exploits1References3
Cvelist
Cvelist
added 2007/10/20 10:0 a.m.23 views

CVE-2003-1408

Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot...

6.8AI score0.01324EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.24 views

CVE-2002-1855

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

7.5AI score0.02178EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.25 views

CVE-2002-1857

jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

7.5AI score0.02119EPSS
Exploits0References4
OSV
OSV
added 2005/05/02 4:0 a.m.12 views

DEBIAN-CVE-2005-0837

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...

5CVSS7AI score0.0245EPSS
Exploits1References1
NVD
NVD
added 2002/12/31 5:0 a.m.14 views

CVE-2002-2351

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." dot...

6.4CVSS7.7AI score0.02645EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 1999/12/31 12:0 a.m.6 views

PT-1999-1008 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS versions 2.0 through 3.0 Description: The issue allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL. Recommendations: For IIS versions 2.0 through 3.0, consider restricting access to AS...

5CVSS6.5AI score0.40015EPSS
Exploits0References4
Rows per page
Query Builder