Tellme : Security vulnerabilities, CVEs

Copy

CVE-2005-4700

TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.

Max CVSS

5.0

EPSS Score

0.68%

Published

2005-12-31

Updated

2017-07-20

CVE-2005-4698

Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters.

Max CVSS

4.3

EPSS Score

1.05%

Published

2005-12-31

Updated

2017-07-20

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!