
CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
• https://www.exploit-db.com/exploits/30818
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278
• http://secunia.com/advisories/27850
• http://secunia.com/advisories/27890
• http://secunia.com/advisories/27965
• http://secunia.com/advisories/28062
• http://securitytracker.com/id?1019010
• http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev
• http://www.debian.org/security/2007/dsa-1429
• http://www.novell.com/linux/security/advisories
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 2% | CPEs: 27 | EXPL: 0

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt
• http://secunia.com/advisories/14255
• http://secunia.com/advisories/14276
• http://secunia.com/advisories/14303
• http://secunia.com/advisories/14795
• http://secunia.com/advisories/15007
• http://secunia.com/advisories/17414
• http://secunia.com/advisories/17415
• http://securitytracker.com/id?1013078
• http://www.debian.org/security/2005/dsa-680
• http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml
• http&#

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 1

Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
• http://archives.neohapsis.com/archives/bugtraq/2002-06/0321.html
• http://www.iss.net/security_center/static/9433.php
• http://www.securityfocus.com/bid/5091

CVSS: 6.4 | EPSS: 1% | CPEs: 12 | EXPL: 0

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
• http://marc.info/?l=bugtraq&m=100260195401753&w=2
• http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
• http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
• http://www.debian.org/security/2001/dsa-080
• http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
• http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.html
• http://www

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
• http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html
• http://www.securityfocus.com/bid/4366
• https://exchange.xforce.ibmcloud.com/vulnerabilities/7367
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10526
• CWE-209: Generation of Error Message Containing Sensitive Information