13 matches found
EUVD-2002-0430
Malware in sbrugna...
CVE-2024-28142
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...
GHSA-758M-6G3Q-G3HH Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior...
CVE-2017-7676
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior...
Design/Logic Flaw
The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...
CVE-2014-1492
The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...
CVE-2014-1492
The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...
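Apache mod_proxy_ftp module wildcard character cross-site scripting vulnerability
BUGTRAQ ID: 30560 CVE(CAN) ID: CVE-2008-2939 Apache HTTP Server is a popular web server. If Apache HTTP Server is configured with proxy support (ProxyRequests On in the configuration file) and the mod_proxy_ftp module is enabled to provide FTP-over-HTTP support, then a request like the following, containing wildcard characters (“”, “'”, “”, etc.): GET ftp://host/foo HTTP/1.0 results in cross-site scripting in the response returned by mod_proxy_ftp: ... h2Directory of a href="/"ftp://host/a/foo/h...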
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...
CVE-2003-1137
CVE-2003-1137 affects sh-httpd versions 0.3 and 0.4. The issue allows remote attackers to read files or execute arbitrary CGI scripts via a GET request containing an asterisk (*) wildcard character, indicating improper handling of wildcards in input. The provided documents do not specify a fix or...
sh-httpd.txt
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
[Full-Disclosure] sh-httpd `wildcard character' vulnerability
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
CVE-2002-1010
CVE-2002-1010 affects Lotus Domino R4. The vulnerability allows remote attackers to bypass access restrictions for files in the web root by issuing an HTTP request with a trailing “?”, which is treated as a wildcard and bypasses the web handlers. The available sources describe the issue and its i...