Page 3 of 14 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Hyper NIKKI System anterior a 2.19.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores desconocidos. • http://jvn.jp/jp/JVN%2388325166/index.html http://secunia.com/advisories/22697 http://www.h14m.org/dist http://www.securityfocus.com/bid/20949 http://www.vupen.com/english/advisories/2006/4363 https://exchange.xforce.ibmcloud.com/vulnerabilities/30040 •

CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la función communicate de estmaster.c para Hyper Estraier versiones anteriores a 1.3.3 permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://secunia.com/advisories/21049 http://sourceforge.net/project/shownotes.php?release_id=432119 http://www.vupen.com/english/advisories/2006/2827 •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0

estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters. • http://jvn.jp/jp/JVN%2318282718/index.html http://secunia.com/advisories/17379 http://securitytracker.com/id?1015119 http://sourceforge.net/project/shownotes.php?release_id=366565 http://www.securityfocus.com/bid/15236 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. • http://marc.info/?l=bugtraq&m=111445410220152&w=2 •