CVSS: 7.5EPSS: 10%CPEs: 10EXPL: 0CVE-2009-5028
https://notcve.org/view.php?id=CVE-2009-5028
Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field. Desbordamiento de búfer basado en la pila en Namazu anterior a v2.0.20 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de peticiones manipuladas que contiene un campo de la URI vacío. • http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.59.8.28&r2=1.59.8.29&sortby=log http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.77.2.8&r2=1.77.2.9&sortby=log http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.86&r2=1.87&sortby=log http://www.namazu.org/security.html http://www.securityfocus.com/bid/50772 https://bugzilla.redhat.com/show_bug.cgi?id=756341 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0CVE-2011-4345
https://notcve.org/view.php?id=CVE-2011-4345
Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados XSS en Namazu antes de v2.0.21, cuando se usa Internet Explorer 6 o 7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una cookie. • http://secunia.com/advisories/46925 http://www.namazu.org/security.html#cross-site-scripting http://www.securityfocus.com/bid/50771 https://bugzilla.redhat.com/show_bug.cgi?id=756348 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2008-1468
https://notcve.org/view.php?id=CVE-2008-1468
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en namazu.cgi de Namazu antes de 2.0.18 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una entrada codificada con UTF-7, relacionada con un fallo al establecer el conjunto de caracteres, un vector distinto a CVE-2004-1318 y CVE-2001-1350. NOTA: alguno de estos detalles se han obtenido de información de terceros. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://jvn.jp/jp/JVN%2300892830/index.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://marc.info/?l=bugtraq&m=127239985506823&w=2 http://secunia.com/advisories/29386 http://secunia.com/advisories/29561 http://secunia.com/advisories/31687 http://secunia.com/advisories/39645 http://www.namazu.org/security.html.en http://www.securityfocus.com/bid/28380 https:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •