Lucene search

1085 matches found

OSV
added 2004/06/14 4:0 a.m., 1 view

DEBIAN-CVE-2004-0227

Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...

CVSS 7.5, AI score 8.2, EPSS 0.03422
Exploits: 0, References: 1

NVD
added 2004/03/03 5:0 a.m., 10 views

CVE-2004-0096

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973...

CVSS 5, AI score 6.2, EPSS 0.02698
Exploits: 0, References: 4

RedHat Linux
added 2004/02/26 8:36 p.m., 2 views

security flaw

Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...

CVSS 5, AI score 5.9, EPSS 0.05153
Exploits: 0, References: 4

RedHat Linux
added 2004/02/26 8:36 p.m., 2 views

mod_python remote DoS

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973...

CVSS 5, AI score 5.9, EPSS 0.05153
Exploits: 0, References: 4

NVD
added 2003/12/31 5:0 a.m., 9 views

CVE-2003-1531

Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3, AI score 5.7, EPSS 0.00554
Exploits: 1, References: 6

NVD
added 2003/12/15 5:0 a.m., 15 views

CVE-2003-0973

Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...

CVSS 5, AI score 6.3, EPSS 0.05153
Exploits: 0, References: 9

Cvelist
added 2003/12/02 5:0 a.m., 18 views

CVE-2003-0973

Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...

AI score 6.2, EPSS 0.05153
Exploits: 0, References: 9

FreeBSD
added 2003/11/28 12:0 a.m., 38 views

mod_python denial-of-service vulnerability in parse_qs

An attacker may cause Apache with mod_python to crash by using a specially constructed query string...

CVSS 5, AI score 6.3, EPSS 0.05153
Exploits: 0, References: 2

NVD
added 2002/12/31 5:0 a.m., 10 views

CVE-2002-2378

Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page...

CVSS 4.3, AI score 5.6, EPSS 0.004
Exploits: 0, References: 3

NVD
added 2002/12/31 5:0 a.m., 7 views

CVE-2002-2192

Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders...

CVSS 4.3, AI score 6.2, EPSS 0.01003
Exploits: 1, References: 5

securityvulns
added 2002/11/09 12:0 a.m., 27 views

LiteServe Directory Index Cross-Site Scripting

There are three different places in the directory index of LiteServe where unsanitized user input is returned to the browser. The first is yet another wildcard DNS vulnerability, the second centers around query strings. Write-Up: http://www.techie.hopto.org/vulns/2002-37.txt DNS Wildcard XSS This...

AI score 0.5
Exploits: 0

exploitpack
added 2002/11/08 12:0 a.m., 10 views

Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting

Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting source: https://www.securityfocus.com/bid/6143/info A cross site scripting vulnerability has been discovered in Perception LiteServe. It has been reported that LiteServe fails to sanitize query strings from indexed folders. ...

AI score 6.8
Exploits: 0

Exploit DB
added 2002/11/08 12:0 a.m., 17 views

Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting

source: https://www.securityfocus.com/bid/6143/info A cross site scripting vulnerability has been discovered in Perception LiteServe. It has been reported that LiteServe fails to sanitize query strings from indexed folders. It is possible for an attacker to exploit this issue by constructing a...

AI score 7
Exploits: 0

exploitpack
added 2002/09/03 12:0 a.m., 10 views

Super Site Searcher - Remote Command Execution

Super Site Searcher - Remote Command Execution source: https://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The...

AI score 7.7
Exploits: 0

securityvulns
added 2002/09/02 12:0 a.m., 16 views

XSS in Null HTTPd

Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is quite basic, but offers good CGI support. A vulnerability in Null HTTPd may allow cross-site scripting via a 404 page: http://localhost/a?x=SCRIPTalertdocument.URL/SCRIPT You have to place this in the query string so that i...

Exploits: 0

Packet Storm
added 2002/08/29 12:0 a.m., 29 views

omnihttpd.txt

A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...

AI score 7.4
Exploits: 0

securityvulns
added 2002/08/26 12:0 a.m., 30 views

OmniHTTPd test.php Cross-Site Scripting Issue

A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...

Exploits: 0

CVE
added 2002/06/25 4:0 a.m., 152 views

CVE-2001-0731

CVE-2001-0731 affects Apache 1.3.20 when Multiviews is enabled. A remote attacker can cause a directory listing to be displayed (information disclosure) by crafting a request containing an M=D query string, bypassing normal index page behavior. Public advisories and scans consistently reference t...

CVSS 5, AI score 6.4, EPSS 0.80789
Exploits: 0, References: 13, Affected Software: 1

Exploit DB
added 2001/03/19 12:0 a.m., 33 views

SWSoft ASPSeek 1.0 - 's.cgi' Remote Buffer Overflow

source: https://www.securityfocus.com/bid/2492/info A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by submitting an excessively long quer...

AI score 7.4
Exploits: 0

Exploit DB
added 2001/01/18 12:0 a.m., 34 views

Mysql 3.22.x/3.23.x - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/2262/info MySQL is a widely used Open Source database tool. Versions of MySQL up to and including 3.23.30 are vulnerable to a buffer overflow attack. By supplying an excessively long string as an argument for a SELECT statement, it is possible for a...

AI score 7.4
Exploits: 0