Lucene search

13 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2002-0430

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.02302
Exploits 0 | References 4
NVD
added 2024/12/12 1:15 p.m. | 25 views

CVE-2024-28142

Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

CVSS 4.7 | EPSS 0.00443
Exploits 0 | References 3
OSV
added 2018/10/17 5:22 p.m. | 21 views

GHSA-758M-6G3Q-G3HH Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior...

CVSS 9.8 | AI score 9.4 | EPSS 0.04198
Exploits 1 | References 4
OSV
added 2017/06/14 5:29 p.m. | 17 views

CVE-2017-7676

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior...

CVSS 9.8 | AI score 6.8
Exploits 0 | References 2
Prion
added 2014/03/25 1:25 p.m. | 23 views

Design/Logic Flaw

The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...

CVSS 4.3 | AI score 6.6 | EPSS 0.01767
Exploits 2 | References 27 | Affected Software 1
Cvelist
added 2014/03/25 1:00 a.m. | 26 views

CVE-2014-1492

The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...

AI score 7.2 | EPSS 0.01767
Exploits 2 | References 27
UbuntuCve
added 2014/03/25 12:00 a.m. | 34 views

CVE-2014-1492

The certTestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services NSS before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof...

CVSS 4.3 | AI score 6.8 | EPSS 0.01767
Exploits 2 | References 5
seebug.org
added 2008/08/08 12:00 a.m. | 148 views

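Apache mod_proxy_ftp Module Wildcard Character Cross-Site Scripting Vulnerability

BUGTRAQ ID: 30560 CVE(CAN) ID: CVE-2008-2939 Apache HTTP Server is a popular web server. If Apache HTTP Server is configured with proxy support (ProxyRequests On in the configuration file) and the mod_proxy_ftp module is enabled to provide FTP-over-HTTP support, then a request containing wildcard characters (“”, “'”, “”, etc.) similar to the following: GET ftp://host/foo HTTP/1.0 results in cross-site scripting in the response returned by mod_proxy_ftp: ... h2Directory of a href="/"ftp://host/a/foo/h...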

CVSS 4.3 | AI score 7.7 | EPSS 0.38953
Exploits 4
Cvelist
added 2005/05/10 4:00 a.m. | 17 views

CVE-2003-1137

Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...

AI score 7.2 | EPSS 0.06757
Exploits 1 | References 4
CVE
added 2005/05/10 4:00 a.m. | 38 views

CVE-2003-1137

CVE-2003-1137 affects sh-httpd versions 0.3 and 0.4. The issue allows remote attackers to read files or execute arbitrary CGI scripts via a GET request containing an asterisk (*) wildcard character, indicating improper handling of wildcards in input. The provided documents do not specify a fix or...

CVSS 5 | AI score 7.6 | EPSS 0.06757
Exploits 1 | References 4 | Affected Software 1
Packet Storm
added 2003/10/30 12:00 a.m. | 31 views

sh-httpd.txt

======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...

AI score 7.4
Exploits 0
securityvulns
added 2003/10/27 12:00 a.m. | 22 views

[Full-Disclosure] sh-httpd `wildcard character' vulnerability

======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...

AI score 7
Exploits 0
CVE
added 2002/08/31 4:00 a.m. | 40 views

CVE-2002-1010

CVE-2002-1010 affects Lotus Domino R4. The vulnerability allows remote attackers to bypass access restrictions for files in the web root by issuing an HTTP request with a trailing “?”, which is treated as a wildcard and bypasses the web handlers. The available sources describe the issue and its i...

CVSS 7.5 | AI score 7.2 | EPSS 0.01403
Exploits 0 | References 1 | Affected Software 1