Lucene search
+L

86 matches found

cvelist
cvelist
added 2010/12/22 1:0 a.m.23 views

CVE-2010-4580

Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same name as an input field on a previously visited web site...

7.2AI score0.0217EPSS
Exploits0References6
cve
cve
added 2010/12/22 1:0 a.m.50 views

CVE-2010-4580

Opera before 11.00 is affected by a vulnerability where WAP/WML form fields are not cleared when navigating to a new site, allowing a remote attacker to obtain sensitive information from an input field that shares a name with a previously visited site. The issue is confirmed in CVE-2010-4580 and ...

5CVSS7.1AI score0.0217EPSS
Exploits0References6Affected Software1
opera
opera
added 2010/12/14 12:0 a.m.482 views

WAP form content can be leaked to other sites

When accepting user input in form fields on a WAP page, WML requires that the input contents are remembered, and used to populate every further input sharing the same name. This should continue as long as the user continues to click links known as a WAP session, even populating similarly named...

1.6AI score
Exploits0Affected Software1
seebug
seebug
added 2009/06/25 12:0 a.m.41 views

Nagios statuswml.cgi远程Shell命令注入漏洞

BUGTRAQ ID: 35464 Nagios是一款免费开放源代码的主机和服务监视软件,可使用在多种Linux和Unix操作系统下。 Nagios没有正确地过滤传送给statuswml.cgi的ping参数,远程攻击者可以通过tools - ping和tools- Traceroute WAP/WML页面注入并执行任意shell命令。例如,Ping主机名/地址173.45.235.65;echo $PATH会返回ping命令的输出并执行和返回echo $PATH命令的输出。 Nagios Nagios 3.1.0 Nagios Nagios 3.0.6 Nagios Nagios 2....

6.9AI score
Exploits0
nessus
nessus
added 2009/04/23 12:0 a.m.26 views

Mandriva Linux Security Advisory : wml (MDVSA-2008:076)

Two vulnerabilities were found in the Website META Language WML package that allowed local users to overwrite arbitrary files via symlink attacks. The updated packages have been patched to correct these issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

3.6CVSS5.6AI score0.00433EPSS
Exploits2References2
openvas
openvas
added 2009/04/09 12:0 a.m.24 views

Mandriva Update for wml MDVSA-2008:076 (wml)

Check for the Version of wml OpenVAS Vulnerability Test Mandriva Update for wml MDVSA-2008:076 wml Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

3.6CVSS0.1AI score0.00433EPSS
Exploits2References2
nvd
nvd
added 2009/03/12 3:20 p.m.17 views

CVE-2009-0366

The uncompressbuffer function in src/server/simplewml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document...

4.3CVSS6.3AI score0.01957EPSS
Exploits0References13
ubuntucve
ubuntucve
added 2009/03/12 3:20 p.m.24 views

CVE-2009-0366

The uncompressbuffer function in src/server/simplewml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document...

4.3CVSS5.9AI score0.01957EPSS
Exploits0References1
prion
prion
added 2009/03/12 3:20 p.m.14 views

Code injection

The uncompressbuffer function in src/server/simplewml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document...

4.3CVSS6.9AI score0.01957EPSS
Exploits0References13Affected Software1
openvas
openvas
added 2008/09/24 12:0 a.m.22 views

Gentoo Security Advisory GLSA 200803-23 (wml)

The remote host is missing updates announced in advisory GLSA 200803-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

3.6CVSS6.5AI score0.00433EPSS
Exploits2
myhack58
myhack58
added 2008/06/23 12:0 a.m.38 views

WAP Web Application Security-vulnerability warning-the black bar safety net

Author: lake2 80sec EMail: lake280sec.com Site: http://www.80sec.com Date: 2008-6-10 --------------------------------- Directory 0x00 is utter bullshit. 0x01 WML and WMLScript 0x02 WML injection attacks 0x03 WML injected into what can be done 0x04 WAP site session security 0x05 PostScript...

7.5AI score
Exploits0
debian
debian
added 2008/04/27 8:23 a.m.53 views

[SECURITY] [DSA 1492-2] New wml packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 1492-2 [email protected] http://www.debian.org/security/ Martin Schulze April 27th, 2008 http://www.debian.org/security/faq -...

3.6CVSS5.7AI score0.00433EPSS
Exploits2
openvas
openvas
added 2008/02/15 12:0 a.m.27 views

Debian Security Advisory DSA 1492-1 (wml)

The remote host is missing an update to wml announced via advisory DSA 1492-1. OpenVAS Vulnerability Test $Id: deb14921.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1492-1 wml Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

3.6CVSS0.00433EPSS
Exploits2
openvas
openvas
added 2008/02/15 12:0 a.m.17 views

Debian: Security Advisory (DSA-1492-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.6CVSS6.7AI score0.00433EPSS
Exploits2References3
securityvulns
securityvulns
added 2008/02/12 12:0 a.m.56 views

[SECURITY] [DSA 1492-1] New wml packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1492-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 10, 2008 http://www.debian.org/security/faq -...

3.6CVSS0.1AI score0.00433EPSS
Exploits2
securityvulns
securityvulns
added 2008/02/12 12:0 a.m.37 views

WML symbolic links vulnerability

Symbolic links problem on temporary files creation...

3.6CVSS1.4AI score0.00433EPSS
Exploits2References1Affected Software1
prion
prion
added 2008/02/11 9:0 p.m.21 views

Code injection

Website META Language WML 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on 1 the /tmp/pe.tmp.$$ temporary file used by wmlcontrib/wmg.cgi and 2 temporary files used by wmlbackend/p3eperl/eperlsys.c...

3.6CVSS6.4AI score0.00433EPSS
Exploits1References8Affected Software1
prion
prion
added 2008/02/11 9:0 p.m.16 views

Design/Logic Flaw

wmlbackend/p1ipp/ipp.src in Website META Language WML 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file...

3.6CVSS6.3AI score0.00433EPSS
Exploits1References8Affected Software1
ubuntucve
ubuntucve
added 2008/02/11 9:0 p.m.16 views

CVE-2008-0666

Website META Language WML 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on 1 the /tmp/pe.tmp.$$ temporary file used by wmlcontrib/wmg.cgi and 2 temporary files used by wmlbackend/p3eperl/eperlsys.c...

3.6CVSS5.9AI score0.00433EPSS
Exploits1References1
nvd
nvd
added 2008/02/11 9:0 p.m.21 views

CVE-2008-0666

Website META Language WML 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on 1 the /tmp/pe.tmp.$$ temporary file used by wmlcontrib/wmg.cgi and 2 temporary files used by wmlbackend/p3eperl/eperlsys.c...

3.6CVSS6.1AI score0.00433EPSS
Exploits1References8
Rows per page
Query Builder