CVE-2007-6110 – ht://Dig 3.2 - Htsearch Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6110
Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
• https://www.exploit-db.com/exploits/30818 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278 http://secunia.com/advisories/27850 http://secunia.com/advisories/27890 http://secunia.com/advisories/27965 http://secunia.com/advisories/28062 http://securitytracker.com/id?1019010 http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev http://www.debian.org/security/2007/dsa-1429 http://www.novell.com/linux/security/advisories
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2005-0085
https://notcve.org/view.php?id=CVE-2005-0085
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt http://secunia.com/advisories/14255 http://secunia.com/advisories/14276 http://secunia.com/advisories/14303 http://secunia.com/advisories/14795 http://secunia.com/advisories/15007 http://secunia.com/advisories/17414 http://secunia.com/advisories/17415 http://securitytracker.com/id?1013078 http://www.debian.org/security/2005/dsa-680 http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml http
CVE-2002-2010
https://notcve.org/view.php?id=CVE-2002-2010
Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
• http://archives.neohapsis.com/archives/bugtraq/2002-06/0321.html http://www.iss.net/security_center/static/9433.php http://www.securityfocus.com/bid/5091
CVE-2000-1191
https://notcve.org/view.php?id=CVE-2000-1191
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
• http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html http://www.securityfocus.com/bid/4366 https://exchange.xforce.ibmcloud.com/vulnerabilities/7367 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10526
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2000-0208 – The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2.0b1 - Arbitrary File Inclusion
https://notcve.org/view.php?id=CVE-2000-0208
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.
• https://www.exploit-db.com/exploits/19785 http://www.securityfocus.com/bid/1026