17 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS)en WebExpert permite a atacantes remotos inyectar código web o HTML de su elección a través de cabeceras User-Agent HTTP manipuladas. • http://www.securityfocus.com/archive/1/313867 https://exchange.xforce.ibmcloud.com/vulnerabilities/56646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS)en LoganPro permite a atacantes remotos inyectar código web o HTML de su elección a través de una cabecera User-Agent HTTP manipulada. • http://www.securityfocus.com/archive/1/313867 https://exchange.xforce.ibmcloud.com/vulnerabilities/56645 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 2

The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. • http://cert.uni-stuttgart.de/archive/vulnwatch/2002/01/msg00007.html http://www.kb.cert.org/vuls/id/191763 http://www.kb.cert.org/vuls/id/AAMN-567N48 http://www.procheckup.com/security_info/vuln_pr0104.html http://www.securityfocus.com/bid/3826 https://exchange.xforce.ibmcloud.com/vulnerabilities/7842 •

CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 4

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. • http://lists.virus.org/vulnwatch-0201/msg00008.html http://securitytracker.com/id?1003157 http://www.kb.cert.org/vuls/id/985347 http://www.kb.cert.org/vuls/id/AAMN-567NFX http://www.procheckup.com/vulnerabilities/pr0105.html http://www.securiteam.com/securitynews/5IP0G0060Q.html http://www.securityfocus.com/bid/3831 https://exchange.xforce.ibmcloud.com/vulnerabilities/7845 •

CVSS: 6.8EPSS: 3%CPEs: 12EXPL: 1

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315). importInfo en el Servidor de Administración de iPlanet WebServer 4.x hasta SP11, permite al adminstrador del web ejecutar comandos arbitrarios mediante metacaractéres de shell en el parámetro dir, y posiblemente permita a atacantes remotos explotar esta vulnerabilidad mediante otro problema de XSS (CAN-2002-13145) • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html http://marc.info/?l=bugtraq&m=103772308030269&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1 http://www.iss.net/security_center/static/10693.php http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt http://www.securityfocus.com/bid/6203 •