Lucene search

K

Lynx Security Vulnerabilities

cve
cve

CVE-2006-6207

SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL...

8.7AI Score

0.005EPSS

2006-12-01 01:28 AM
18
cve
cve

CVE-2006-5953

SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid...

8.8AI Score

0.007EPSS

2006-11-17 12:07 AM
21
cve
cve

CVE-1999-1549

Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute...

7.8CVSS

6.7AI Score

0.0004EPSS

2001-09-12 04:00 AM
22
cve
cve

CVE-2012-5821

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS...

5.9CVSS

5.3AI Score

0.002EPSS

2012-11-04 10:55 PM
19
cve
cve

CVE-2023-0750

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users Change the streaming...

9.8CVSS

9.4AI Score

0.002EPSS

2023-04-06 02:15 PM
12
cve
cve

CVE-2021-38165

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI...

5.3CVSS

5.3AI Score

0.006EPSS

2021-08-07 06:15 PM
177
13
cve
cve

CVE-2014-5002

The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing...

7.8CVSS

7.4AI Score

0.0004EPSS

2018-01-10 06:29 PM
48
cve
cve

CVE-2017-1000211

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto...

5.3CVSS

5.4AI Score

0.002EPSS

2017-11-17 03:29 PM
56
cve
cve

CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different...

7.5CVSS

5.2AI Score

0.001EPSS

2016-12-22 09:59 PM
153
cve
cve

CVE-2010-2810

Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent)...

6.7AI Score

0.053EPSS

2010-08-20 06:00 PM
19
cve
cve

CVE-2006-7234

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working...

6.8AI Score

0.0004EPSS

2008-10-27 05:21 PM
21
cve
cve

CVE-2008-4690

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have...

7.1AI Score

0.018EPSS

2008-10-22 06:00 PM
31