CVE-2006-0983
published 2006-03-03CVE-2006-0983: Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.95%
77.7th percentile
Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| david_barrett | qwikiwiki | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2006-5467 Ruby CGI multipart parsing DoS
bugzilla·2006-10-26·CVSS 5.0
CVE-2006-5467 [MEDIUM] CVE-2006-5467 Ruby CGI multipart parsing DoS
CVE-2006-5467 Ruby CGI multipart parsing DoS
+++ This bug was initially created as a clone of Bug #212237 +++
Jeremy Kemper mailed this information to vendor-sec:
Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5
when the input stream returns "" (empty string) instead of nil on EOF.
Certain malformed multipart requests leave the parser in a non-terminating
state, leaving the program vulnerable to denial of service attack. The fix
more carefully checks for input stream EOF.
affected: standalone CGI, Mongrel
unaffected: FastCGI, mod_ruby, WEBrick
This fully closes a previously-reported but partially-fixed vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
http://www.securityfocus.com/bid/11618/info
-- Additional comment from bressers@red
Bugzilla
CVE-2006-5467 Ruby CGI multipart parsing DoS
bugzilla·2006-10-25·CVSS 5.0
CVE-2006-5467 [MEDIUM] CVE-2006-5467 Ruby CGI multipart parsing DoS
CVE-2006-5467 Ruby CGI multipart parsing DoS
Jeremy Kemper mailed this information to vendor-sec:
Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5
when the input stream returns "" (empty string) instead of nil on EOF.
Certain malformed multipart requests leave the parser in a non-terminating
state, leaving the program vulnerable to denial of service attack. The fix
more carefully checks for input stream EOF.
affected: standalone CGI, Mongrel
unaffected: FastCGI, mod_ruby, WEBrick
This fully closes a previously-reported but partially-fixed vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
http://www.securityfocus.com/bid/11618/info
Discussion:
This issue should also affect RHEL2.1 and RHEL3
---
Created attachment 139389
Proposed pat
http://securityreason.com/securityalert/510http://sourceforge.net/forum/forum.php?forum_id=438526http://www.osvdb.org/23700http://www.securityfocus.com/archive/1/426319/100/0/threadedhttp://www.securityfocus.com/bid/16874https://exchange.xforce.ibmcloud.com/vulnerabilities/24950http://securityreason.com/securityalert/510http://sourceforge.net/forum/forum.php?forum_id=438526http://www.osvdb.org/23700http://www.securityfocus.com/archive/1/426319/100/0/threadedhttp://www.securityfocus.com/bid/16874https://exchange.xforce.ibmcloud.com/vulnerabilities/24950
2006-03-03
Published