9 results (0.021 seconds)

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. ELinks 0.12 y Twibright Links 2.3 tienen una falta de validación de certificados SSL. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658 https://bugzilla.redhat.com/show_bug.cgi?id=881399 • CWE-295: Improper Certificate Validation •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file. La función put_chars en el archivo html_r.c en Twibright Links versión 2.14, permite a los atacantes remotos causar una denegación de servicio (lectura excesiva del búfer) por medio de un archivo HTML creado. The put_chars function in html_r.c in Links version 2.14 can cause a denial of service (buffer over-read) via a crafted html file. • http://seclists.org/fulldisclosure/2017/Jul/76 • CWE-125: Out-of-bounds Read •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables. Desbordamiento de enteros en Links anterior a la versión 2.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de tablas HTML. • http://links.twibright.com/download/ChangeLog http://www.debian.org/security/2013/dsa-2807 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 0%CPEs: 92EXPL: 0

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." Vulnerabilidad no especificada en Links anterior a 2.1, cuando la opción "only proxies" (solo proxies) está activada, tiene un impacto y vectores de ataques desconocidos relacionado con que proporciona "URLs a programas externos". • http://links.twibright.com/download/ChangeLog http://www.securityfocus.com/bid/30422 https://exchange.xforce.ibmcloud.com/vulnerabilities/44035 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 2

admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. admin/index.php de Maian Links 3.1 y anteriores, permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie links_cookie de su elección. • https://www.exploit-db.com/exploits/6062 http://secunia.com/advisories/31068 http://www.maianscriptworld.co.uk/free-php-scripts/maian-links/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30205 https://exchange.xforce.ibmcloud.com/vulnerabilities/43749 • CWE-287: Improper Authentication •