CVSS: 6.8EPSS: 1%CPEs: 7EXPL: 1CVE-2007-4397
https://notcve.org/view.php?id=CVE-2007-4397
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. Múltiples vulnerabilidades de inyección CRLF en (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, y otras secuencias de comandos no especificadas para XChat permite a atacantes remotos con la intervención del usuario ejecutar comandos IRC de su elección a través de secuencias CRLF en el nombre de la canción en un archivo .mp3. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065227.html http://osvdb.org/39574 http://osvdb.org/39575 http://secunia.com/advisories/26454 http://secunia.com/advisories/26455 http://secunia.com/advisories/26484 http://secunia.com/advisories/26485 http://secunia.com/advisories/26486 http://secunia.com/advisories/26487 http://secunia.com/advisories/26488 http://securityreason.com/securityalert/3036 http://wouter.coekaerts.be/site/security/nowplaying http:/&# •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2006-5168
https://notcve.org/view.php?id=CVE-2006-5168
Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Simon Brown Pebble 2.0.0 RC1 y RC2 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de la consulta cadena. • http://securityreason.com/securityalert/1689 http://svn.sourceforge.net/viewvc/pebble/trunk/src/net/sourceforge/pebble/search/SearchResults.java?r1=136&r2=206 http://www.securityfocus.com/archive/1/447503/100/0/threaded http://www.securityfocus.com/bid/20298 https://exchange.xforce.ibmcloud.com/vulnerabilities/29312 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1082
https://notcve.org/view.php?id=CVE-2001-1082
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack. • http://freshmeat.net/releases/52020 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2001-1081
https://notcve.org/view.php?id=CVE-2001-1081
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages. • http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html http://freshmeat.net/releases/52020 http://www.securityfocus.com/bid/2994 •