| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 89 | 2000-02-28 | ht://Dig (htdig) htsearch.cgi Arbitrary File Access | ht://Dig contains a flaw that allows a remote attacker to access arbitrary files. This flaw exists because the 'htsearch.cgi' script does not validate user-supplied input containing backticks (`), which could allow a remote attacker to access arbitrary files resulting in a loss of confidentiality. |
| 7590 | 2002-06-26 | ht://Dig (htdig) htsearch.cgi words Parameter XSS | ht://Dig contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'words' variables upon submission to the 'htsearch.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 7591 | 2001-10-03 | ht://Dig (htdig) htsearch.cgi Write Permission Arbitrary File Access | ht://Dig contains a flaw that allows a remote attacker to access arbitrary files. It is possible for a remote attacker with write permissions to upload an alternate configuration file that specifies the target file, which could allow a remote attacker to access arbitrary files resulting in a loss of confidentiality. |
| 33244 | 2007-02-16 | Htaccess Passwort Generator generate.php ht_pfad Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. |
| 66207 | 2010-07-10 | HTC EVO / Sprint Hero skyagent Backdoor | Unknown / Incomplete |
| 66206 | 2010-07-10 | HTC EVO hstools Backdoor | Unknown / Incomplete |
| 77173 | 2011-11-10 | HTC HD7 HTCUtility.dll 0x9020002C IOCTL Parsing Kernel Memory Manipulation | Unknown / Incomplete |
| 81548 | 2012-04-20 | HTC IQRD Carrier IQ Message Parsing Multiple Remote Issues | HTC IQRD contains a flaw that is triggered when parsing Carrier IQ messages that may allow an attacker to trigger arbitrary UI commands, generate tones, send arbitrary SMS messages, and gain access to a user's Network Access Identifier password. |
| 79062 | 2011-02-02 | HTC Mail (Exchange) for Android Personal / Server Information Local Disclosure | Unknown / Incomplete |
| 84923 | 2012-08-16 | HTC Multiple Phone dmesg Buffer Touch Coordinate Application Handling Information Disclosure | Multiple HTC phones contain a flaw that may lead to an unauthorized information disclosure. This issue is triggered when the device stores touch coordinates in the dmesg buffer. With a specially crafted application, a context-dependent attacker can gain access to potentially sensitive touch coordinate information. |
| 64104 | 2010-03-25 | HTC Multiple Product SMS Preview Arbitrary Code Execution | Unknown / Incomplete |
| 78745 | 2012-02-02 | HTC Multiple Products WifiConfiguration::toString() Method Wi-Fi Credential Disclosure | Multiple HTC products contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the 'WifiConfiguration::toString()' method returning WiFi credentials of stored networks in cleartext. |
| 71372 | 2011-02-04 | HTC Peep Cleartext Twitter Credentials Information Disclosure | HTC Peep contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the application transmits credentials in a POST request towards the '/oauth/authorize' resource in cleartext or Base64-encoded in an HTTP Basic authentication header once a Twitter session has been established, which will disclose authentication credentials to a man-in-the-middle attacker via network traffic sniffing. |
| 52009 | 2008-12-19 | HTC Touch vCard Saturation Remote DoS | (Description Provided by CVE): HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204. |
| 77703 | 2011-12-08 | HTC Touch2 HTCVideoPlayer.exe stbl Atom 3G2 Video File Handling Remote Memory Corruption | Unknown / Incomplete |
| 64978 | 2010-04-22 | HTC Windows Mobile SMS Preview PopUp SMS Message XSS | Unknown / Incomplete |
| 91110 | 2012-09-28 | HTCondor src/condor_contrib/aviary/src/AviaryScheddPlugin.cpp Job Removal Crafted Query Handling Remote DoS | HTCondor contains a flaw in src/condor_contrib/aviary/src/AviaryScheddPlugin.cpp that may allow a remote denial of service. The issue is triggered when removing jobs. With a specially crafted request to the aviary_query_server, a remote attacker can cause the condor_schedd process to crash, which will require a restart. |
| 91111 | 2012-09-28 | HTCondor src/condor_contrib/aviary/src/SchedulerObject.cpp Job Removal Crafted Query Handling Remote DoS | HTCondor contains a flaw in src/condor_contrib/aviary/src/SchedulerObject.cpp that may allow a remote denial of service. The issue is triggered when removing jobs. With a specially crafted request to the aviary_query_server, a remote attacker can cause the condor_schedd process to crash, which will require a restart. |
| 12493 | 2004-12-20 | htget Long URL Overflow | A remote overflow exists in htget. The application fails to properly check boundaries in htget.c resulting in a buffer overflow. With an overly long URL request, a remote attacker could cause arbitrary code execution resulting in a loss of integrity. |
| 394 | 2000-08-17 | htgrep hdr Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter. |
| 53942 | 2009-04-13 | HTML Email Creator HTML File Multiple Attribute Handling Overflow | Unknown / Incomplete |
| 75052 | 2011-03-27 | HTML Purifier CDATA / cssText/InnerHTML Unspecified XSS | Unknown / Incomplete |
| 69225 | 2010-04-26 | HTML Purifier Crafted Background XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. |
| 50271 | 2008-05-19 | HTML Purifier CSS Height/Weight Handling DoS | Unknown / Incomplete |
| 46546 | 2008-06-19 | HTML Purifier CSS Shift_JIS Output Encoding Unspecified XSS | Unknown / Incomplete |
| 88543 | 2007-11-05 | HTML Purifier DirectLex Unspecified Infinite Loop DoS | HTML Purifier contains an unspecified flaw in DirectLex, which can result in an infinite loop. This will cause a loss of availability for the program. No further details have been provided. |
| 69226 | 2010-04-26 | HTML Purifier Font Family CSS Property XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. |
| 46545 | 2008-06-19 | HTML Purifier font-family CSS XSS | Unknown / Incomplete |
| 75053 | 2011-03-27 | HTML Purifier HTMLPurifier/Lexer/DOMLex.php tokenizeDOM() Function Dom Object Handling Remote DoS | Unknown / Incomplete |
| 65515 | 2010-05-31 | HTML Purifier index.php Direct Execution Issue | Unknown / Incomplete |