3 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter. La vulnerabilidad de inyección SQL en la función auth_checkpass de la página de ingreso en NullLogic Groupware v1.2.7 permite a atacantes remotos ejecutar comandos SQL a su elección a través de los parámetros de usuarios. • http://www.nth-dimension.org.uk/utils/get.php?downloadsid=55 http://www.securityfocus.com/archive/1/504737/100/0/threaded http://www.vupen.com/english/advisories/2009/1817 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. Vulnerabilidad de scripts en sitios cruzados (XSS) en Null HTTP Server 0.5.0 y anteriores permite a atacantes remotos insertar HTML arbitrario en una respuesta "404 No Encontrado". • https://www.exploit-db.com/exploits/21767 http://freshmeat.net/releases/97910 http://www.securityfocus.com/bid/5603 https://exchange.xforce.ibmcloud.com/vulnerabilities/10004 •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 2

Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. Desbordamiento de búfer basado en el montón (heap) en Null HTTP Server 0.5.0 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante un valor negativo en la cabecera HTTP Content-Length. • https://www.exploit-db.com/exploits/21818 http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html http://freshmeat.net/releases/97910 http://www.iss.net/security_center/static/10160.php http://www.securityfocus.com/bid/5774 •