U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:namazu:namazu:2.0.13
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2011-4711

Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter.

Published: December 08, 2011; 2:55:05 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4345

Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.

Published: November 29, 2011; 11:05:58 PM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2009-5028

Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.

Published: November 29, 2011; 11:05:58 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2008-1468

Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.

Published: March 24, 2008; 5:44:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2004-1318

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.

Published: January 06, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM