National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:namazu:namazu:2.0.13:rc4
There are 5 matching records.
Vuln ID Summary CVSS Severity
CVE-2011-4711

Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter.

Published: December 08, 2011; 02:55:05 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-4345

Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.

Published: November 29, 2011; 11:05:58 PM -05:00
V2: 2.6 LOW
CVE-2009-5028

Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.

Published: November 29, 2011; 11:05:58 PM -05:00
V2: 7.5 HIGH
CVE-2008-1468

Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.

Published: March 24, 2008; 05:44:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2004-1318

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.

Published: January 06, 2005; 12:00:00 AM -05:00
V2: 4.3 MEDIUM