Tellme
by Tellme
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-4698 | 0.03 | — | 0.02 | Dec 31, 2005 | Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters. | |||
| CVE-2005-4699 | 0.00 | — | 0.02 | Dec 31, 2005 | Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. | |||
| CVE-2005-4700 | 0.00 | — | 0.02 | Dec 31, 2005 | TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. |
- CVE-2005-4698Dec 31, 2005risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters.
- CVE-2005-4699Dec 31, 2005risk 0.00cvss —epss 0.02
Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.
- CVE-2005-4700Dec 31, 2005risk 0.00cvss —epss 0.02
TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.