CVE-2011-4345
https://notcve.org/view.php?id=CVE-2011-4345
Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados XSS en Namazu antes de v2.0.21, cuando se usa Internet Explorer 6 o 7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una cookie. • http://secunia.com/advisories/46925 http://www.namazu.org/security.html#cross-site-scripting http://www.securityfocus.com/bid/50771 https://bugzilla.redhat.com/show_bug.cgi?id=756348 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-5028
https://notcve.org/view.php?id=CVE-2009-5028
Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field. Desbordamiento de búfer basado en la pila en Namazu anterior a v2.0.20 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de peticiones manipuladas que contiene un campo de la URI vacío. • http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.59.8.28&r2=1.59.8.29&sortby=log http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.77.2.8&r2=1.77.2.9&sortby=log http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.86&r2=1.87&sortby=log http://www.namazu.org/security.html http://www.securityfocus.com/bid/50772 https://bugzilla.redhat.com/show_bug.cgi?id=756341 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •