Search criteria
21 vulnerabilities found for search_appliance by google
FKIE_CVE-2011-1339
Vulnerability from fkie_nvd - Published: 2011-07-28 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| search_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1D1CE1-41BE-43E5-B591-1839FCBA9DCA",
"versionEndIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Google Search Appliance antes de v5.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-1339",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-07-28T18:55:01.843",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6223
Vulnerability from fkie_nvd - Published: 2006-12-02 02:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mini_search_appliance | * | ||
| search_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DADCA8-2FA0-4170-AB18-6256E2BBFC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F926EE9D-3C4C-429F-9961-8B31A88494A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Google Search Appliance y Google Mini permite a un atacante remoto inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro q de codificaci\u00f3n UTF-7.\r\n"
}
],
"id": "CVE-2006-6223",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-12-02T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23239"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017317"
},
{
"source": "cve@mitre.org",
"url": "http://sla.ckers.org/forum/read.php?3%2C3109"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21438"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sla.ckers.org/forum/read.php?3%2C3109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3755
Vulnerability from fkie_nvd - Published: 2005-11-22 21:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mini_search_appliance | * | ||
| search_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DADCA8-2FA0-4170-AB18-6256E2BBFC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F926EE9D-3C4C-429F-9961-8B31A88494A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages."
}
],
"id": "CVE-2005-3755",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-22T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/20977"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/20977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2500"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3757
Vulnerability from fkie_nvd - Published: 2005-11-22 21:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mini_search_appliance | * | ||
| search_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DADCA8-2FA0-4170-AB18-6256E2BBFC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F926EE9D-3C4C-429F-9961-8B31A88494A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec."
}
],
"id": "CVE-2005-3757",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-22T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/20981"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/20981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2500"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3758
Vulnerability from fkie_nvd - Published: 2005-11-22 21:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mini_search_appliance | * | ||
| search_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DADCA8-2FA0-4170-AB18-6256E2BBFC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F926EE9D-3C4C-429F-9961-8B31A88494A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet."
}
],
"id": "CVE-2005-3758",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-22T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20980"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2500"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3756
Vulnerability from fkie_nvd - Published: 2005-11-22 21:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mini_search_appliance | * | ||
| search_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DADCA8-2FA0-4170-AB18-6256E2BBFC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F926EE9D-3C4C-429F-9961-8B31A88494A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports."
}
],
"id": "CVE-2005-3756",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-22T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/20979"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/20979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2500"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3754
Vulnerability from fkie_nvd - Published: 2005-11-22 21:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mini_search_appliance | * | ||
| search_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DADCA8-2FA0-4170-AB18-6256E2BBFC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F926EE9D-3C4C-429F-9961-8B31A88494A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message."
}
],
"id": "CVE-2005-3754",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-22T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/20978"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/20978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2500"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-1339 (GCVE-0-2011-1339)
Vulnerability from cvelistv5 – Published: 2011-07-28 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#86220950",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"name": "JVNDB-2011-000054",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-28T18:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#86220950",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"name": "JVNDB-2011-000054",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#86220950",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"name": "JVNDB-2011-000054",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1339",
"datePublished": "2011-07-28T18:00:00Z",
"dateReserved": "2011-03-09T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:26.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6223 (GCVE-0-2006-6223)
Vulnerability from cvelistv5 – Published: 2006-12-02 02:00 – Updated: 2024-08-07 20:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017317"
},
{
"name": "googlesearch-utf7-xss(30647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sla.ckers.org/forum/read.php?3%2C3109"
},
{
"name": "23239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23239"
},
{
"name": "VU#989144",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"name": "ADV-2006-4789",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name": "21438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017317"
},
{
"name": "googlesearch-utf7-xss(30647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sla.ckers.org/forum/read.php?3%2C3109"
},
{
"name": "23239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23239"
},
{
"name": "VU#989144",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"name": "ADV-2006-4789",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name": "21438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017317",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017317"
},
{
"name": "googlesearch-utf7-xss(30647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"name": "http://sla.ckers.org/forum/read.php?3,3109",
"refsource": "MISC",
"url": "http://sla.ckers.org/forum/read.php?3,3109"
},
{
"name": "23239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23239"
},
{
"name": "VU#989144",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"name": "ADV-2006-4789",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name": "21438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6223",
"datePublished": "2006-12-02T02:00:00",
"dateReserved": "2006-12-01T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3754 (GCVE-0-2005-3754)
Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "20978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20978"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "20978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20978"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "20978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20978"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3754",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3756 (GCVE-0-2005-3756)
Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20979",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20979"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3756",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3757 (GCVE-0-2005-3757)
Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"name": "20981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"name": "20981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
},
{
"name": "20981",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3757",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3758 (GCVE-0-2005-3758)
Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20980"
},
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20980"
},
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20980",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20980"
},
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3758",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3755 (GCVE-0-2005-3755)
Vulnerability from cvelistv5 – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20977"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20977"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20977",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20977"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3755",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1339 (GCVE-0-2011-1339)
Vulnerability from nvd – Published: 2011-07-28 18:00 – Updated: 2024-09-16 17:38
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#86220950",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"name": "JVNDB-2011-000054",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-28T18:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#86220950",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"name": "JVNDB-2011-000054",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#86220950",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN86220950/index.html"
},
{
"name": "JVNDB-2011-000054",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1339",
"datePublished": "2011-07-28T18:00:00Z",
"dateReserved": "2011-03-09T00:00:00Z",
"dateUpdated": "2024-09-16T17:38:26.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6223 (GCVE-0-2006-6223)
Vulnerability from nvd – Published: 2006-12-02 02:00 – Updated: 2024-08-07 20:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017317"
},
{
"name": "googlesearch-utf7-xss(30647)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sla.ckers.org/forum/read.php?3%2C3109"
},
{
"name": "23239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23239"
},
{
"name": "VU#989144",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"name": "ADV-2006-4789",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name": "21438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017317"
},
{
"name": "googlesearch-utf7-xss(30647)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sla.ckers.org/forum/read.php?3%2C3109"
},
{
"name": "23239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23239"
},
{
"name": "VU#989144",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"name": "ADV-2006-4789",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name": "21438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017317",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017317"
},
{
"name": "googlesearch-utf7-xss(30647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30647"
},
{
"name": "http://sla.ckers.org/forum/read.php?3,3109",
"refsource": "MISC",
"url": "http://sla.ckers.org/forum/read.php?3,3109"
},
{
"name": "23239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23239"
},
{
"name": "VU#989144",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/989144"
},
{
"name": "ADV-2006-4789",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4789"
},
{
"name": "21438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6223",
"datePublished": "2006-12-02T02:00:00",
"dateReserved": "2006-12-01T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3754 (GCVE-0-2005-3754)
Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "20978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20978"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "20978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20978"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "20978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20978"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3754",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3756 (GCVE-0-2005-3756)
Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20979",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20979",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20979"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3756",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3757 (GCVE-0-2005-3757)
Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"name": "20981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
},
{
"name": "20981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
},
{
"name": "20981",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3757",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3758 (GCVE-0-2005-3758)
Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20980"
},
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20980",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20980"
},
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20980",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20980"
},
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3758",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3755 (GCVE-0-2005-3755)
Vulnerability from nvd – Published: 2005-11-22 21:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20977"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20977",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20977"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17644"
},
{
"name": "20977",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20977"
},
{
"name": "http://metasploit.com/research/vulns/google_proxystylesheet/",
"refsource": "MISC",
"url": "http://metasploit.com/research/vulns/google_proxystylesheet/"
},
{
"name": "20051121 Google Search Appliance proxystylesheet Flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417310/30/0/threaded"
},
{
"name": "ADV-2005-2500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2500"
},
{
"name": "15509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15509"
},
{
"name": "1015246",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3755",
"datePublished": "2005-11-22T21:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}