4 results (0.017 seconds)

CVSS: 6.8 | EPSS: 2% | CPEs: 27 | EXPL: 0

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
• References: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt http://secunia.com/advisories/14255 http://secunia.com/advisories/14276 http://secunia.com/advisories/14303 http://secunia.com/advisories/14795 http://secunia.com/advisories/15007 http://secunia.com/advisories/17414 http://secunia.com/advisories/17415 http://securitytracker.com/id?1013078 http://www.debian.org/security/2005/dsa-680 http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml http…

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 1

Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
• References: http://archives.neohapsis.com/archives/bugtraq/2002-06/0321.html http://www.iss.net/security_center/static/9433.php http://www.securityfocus.com/bid/5091

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
• References: http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html http://www.securityfocus.com/bid/4366 https://exchange.xforce.ibmcloud.com/vulnerabilities/7367 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10526
• CWE-209: Generation of Error Message Containing Sensitive Information
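The first three entries share one pattern: a request parameter (config, words) is echoed into the HTML response unescaped, and a failed configuration lookup is reported with the full filesystem path. The Python sketch below is an added example and is not ht://Dig's code; CONF_DIR, AVAILABLE_CONFIGS, the page markup and the whitelist pattern are assumptions made for this illustration. It places a handler with both defects next to one that HTML-escapes every reflected value and answers an unknown config name with a generic message after a whitelist lookup, so neither script nor path reaches the client.

```python
import html
import os
import re

# Hypothetical layout for this example only (not taken from ht://Dig):
# configuration files are looked up by name under CONF_DIR.
CONF_DIR = "/etc/htdig"
AVAILABLE_CONFIGS = {"htdig", "intranet"}          # constructed sample set
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")     # no '/', '.', quotes, angle brackets


def config_path(config):
    """Builds a path straight from the parameter; the vulnerable handler uses this."""
    return os.path.join(CONF_DIR, config + ".conf")


def vulnerable_page(words, config):
    """Reflects both parameters raw (XSS via words/config) and, on a lookup
    failure, discloses the full path it tried (CWE-209 path disclosure)."""
    parts = [f"<h2>Search results for: {words}</h2>"]
    if config not in AVAILABLE_CONFIGS:
        parts.append(f"<p>Unable to read configuration file '{config_path(config)}'</p>")
    return "\n".join(parts)


def resolve_config(config):
    """Hardened lookup: the name must match the whitelist pattern and be a known
    configuration before any filesystem path is derived from it."""
    if SAFE_NAME.fullmatch(config) and config in AVAILABLE_CONFIGS:
        return config_path(config)
    return None


def hardened_page(words, config):
    """Escapes every reflected value (quote=True also neutralises attribute
    contexts) and reports an unknown config with a generic, path-free message."""
    parts = [f"<h2>Search results for: {html.escape(words, quote=True)}</h2>"]
    if resolve_config(config) is None:
        parts.append(f"<p>Unknown configuration '{html.escape(config, quote=True)}'</p>")
    return "\n".join(parts)


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"
    print(vulnerable_page(probe, "../../etc/passwd"))
    print(hardened_page(probe, "../../etc/passwd"))
```

Escaping at output time is the fix for the reflection; the whitelist lookup is what removes the path from the error path, because a generic message can only be generic if the code no longer needs to say which file it failed to open.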

CVSS: 5.0 | EPSS: 14% | CPEs: 5 | EXPL: 1

The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.
• References: https://www.exploit-db.com/exploits/19785 http://www.securityfocus.com/bid/1026
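Backticks in a parameter reading a file is the signature of shell command substitution: the value was spliced into a command string that a shell then parsed. The Python example below is added here and is not ht://Dig's code; the search script, the index and secret files and the directory layout are constructed for the demonstration and say nothing about how htsearch itself invoked a shell. It shows the substitution firing when the parameter is interpolated into a shell=True string (double quotes do not stop it), and the same two commands with the parameter passed as an argv element, where the backticks remain literal text.

```python
import os
import subprocess
import tempfile

# Constructed fixture: an "index" the search shells out to, plus a file the
# attacker must not be able to read through the search parameter.
def make_fixture():
    d = tempfile.mkdtemp()
    index = os.path.join(d, "index.txt")
    secret = os.path.join(d, "secret.txt")
    with open(index, "w") as f:
        f.write("apple\nbanana\n")
    with open(secret, "w") as f:
        f.write("TOPSECRET\n")
    return index, secret


SHELL_METACHARS = set("`$;|&<>()\n")


def has_shell_metachars(words):
    """Cheap pre-check a CGI can apply before a value gets anywhere near a shell."""
    return any(c in SHELL_METACHARS for c in words)


def vulnerable_search(words, index):
    """Assumed pattern: parameter interpolated into a shell command string.
    Inside double quotes `...` is still command substitution, so a value such
    as `cat /path/to/secret` runs and its output lands in the response."""
    cmd = f'echo "Searching for: {words}"; grep -c "{words}" "{index}"'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_search(words, index):
    """Same pipeline without string interpolation: the parameter travels as an
    argv element ($1 for the sh snippet, a plain argument for grep), so no
    shell ever parses it and grep receives a literal pattern."""
    banner = subprocess.run(
        ["sh", "-c", 'echo "Searching for: $1"', "sh", words],
        capture_output=True, text=True).stdout
    count = subprocess.run(
        ["grep", "-c", "--", words, index],
        capture_output=True, text=True).stdout
    return banner + count


if __name__ == "__main__":
    index, secret = make_fixture()
    payload = f"`cat {secret}`"
    print(vulnerable_search(payload, index))   # banner now contains the secret file
    print(hardened_search(payload, index))     # banner contains the literal backticks
```

The argv form is the real fix; the metacharacter check is only a detection aid, since an allow-list of what a search term may contain is easier to get right than a deny-list of what a shell might interpret.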