CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2005-3352 – httpd cross-site scripting flaw in mod_imap
https://notcve.org/view.php?id=CVE-2005-3352
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_imap de Apache httpd anteriores a 1.3.35-dev y Apache httpd 2.0.x anteriores a 2.0.56-dev permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el Referente cuando se usan mapas de imágenes. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://issues.apache.org/bugzilla/show_bug.cgi?id=37874 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-1999-1125
https://notcve.org/view.php?id=CVE-1999-1125
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. • http://marc.info/?l=bugtraq&m=87602880019796&w=2 •