Show filters
87 Total Results
Displaying 41-50 of 87
Sort by:
Attacker Value
Unknown

CVE-2014-2576

Disclosure Date: October 15, 2014 (last updated October 05, 2023)
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
0
0
Attacker Value
Unknown

CVE-2013-2090

Disclosure Date: May 27, 2014 (last updated October 05, 2023)
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
0
0
Attacker Value
Unknown

CVE-2013-7097

Disclosure Date: January 08, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
0
0
Attacker Value
Unknown

CVE-2012-4507

Disclosure Date: October 22, 2012 (last updated October 05, 2023)
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
0
0
Attacker Value
Unknown

CVE-2011-5025

Disclosure Date: December 29, 2011 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
0
0
Attacker Value
Unknown

CVE-2010-4369

Disclosure Date: December 02, 2010 (last updated October 04, 2023)
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
0
0
Attacker Value
Unknown

CVE-2010-4367

Disclosure Date: December 02, 2010 (last updated October 04, 2023)
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
0
0
Attacker Value
Unknown

CVE-2009-5020

Disclosure Date: December 02, 2010 (last updated October 04, 2023)
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2010-4368

Disclosure Date: December 02, 2010 (last updated October 04, 2023)
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
0
0
Attacker Value
Unknown

CVE-2010-4181

Disclosure Date: November 04, 2010 (last updated October 04, 2023)
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
0
0
View More Topics  < Previous  Next >