
CVSS: 5.0 • EPSS: 0% • CPEs: 148 • EXPL: 0

Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter.
• http://www.namazu.org/security.html#
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71489
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 2.6 • EPSS: 0% • CPEs: 13 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.
• http://secunia.com/advisories/46925
• http://www.namazu.org/security.html#cross-site-scripting
• http://www.securityfocus.com/bid/50771
• https://bugzilla.redhat.com/show_bug.cgi?id=756348
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 10% • CPEs: 10 • EXPL: 0

Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.
• http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.59.8.28&r2=1.59.8.29&sortby=log
• http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.77.2.8&r2=1.77.2.9&sortby=log
• http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.86&r2=1.87&sortby=log
• http://www.namazu.org/security.html
• http://www.securityfocus.com/bid/50772
• https://bugzilla.redhat.com/show_bug.cgi?id=756341
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 • EPSS: 0% • CPEs: 9 • EXPL: 0

Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
• http://jvn.jp/jp/JVN%2300892830/index.html
• http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
• http://marc.info/?l=bugtraq&m=127239985506823&w=2
• http://secunia.com/advisories/29386
• http://secunia.com/advisories/29561
• http://secunia.com/advisories/31687
• http://secunia.com/advisories/39645
• http://www.namazu.org/security.html.en
• http://www.securityfocus.com/bid/28380
• https:/
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.
• http://jvn.jp/jp/JVN%23904429FE.html
• http://secunia.com/advisories/13600
• http://securitytracker.com/alerts/2005/Jan/1012802.html
• http://securitytracker.com/alerts/2005/Jan/1012805.html
• http://www.debian.org/security/2005/dsa-627
• http://www.linuxsecurity.com/content/view/117604/102
• http://www.namazu.org/security.html.en#xss-tab
• http://www.novell.com/linux/security/advisories/2005_01_sr.html
• http://www.osvdb.org/12516
• http://www.securityfocus.com/advisories/9028
• http: