1085 matches found

RedhatCVE
added 2025/05/23 8:37 a.m. · 5 views

CVE-2024-32028

OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore the url.full writes attribute/tag on spans Activity when tracing is enabled for outgoing http requests and...

CVSS 4.1 · AI score 4.6 · EPSS 0.00042
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:35 a.m. · 5 views

CVE-2024-41586

A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component...

CVSS 8 · AI score 8.2 · EPSS 0.01083
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:3 a.m. · 2 views

CVE-2023-1978

The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1 · AI score 5.6 · EPSS 0.01355
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:21 p.m. · 3 views

CVE-2021-24306

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue...

CVSS 5.4 · AI score 5.9 · EPSS 0.00363
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 4:29 p.m. · 7 views

CVE-2020-21053

Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "querystring" variable in app\devices\deviceimports.php...

CVSS 6.1 · AI score 6.1 · EPSS 0.00328
Exploits: 0

RedhatCVE
added 2025/05/22 4:7 p.m. · 4 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

CVSS 9.8 · AI score 7.8 · EPSS 0.0841
Exploits: 2

RedhatCVE
added 2025/05/22 5:32 a.m. · 2 views

CVE-2010-5302

Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 r88, as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING...

CVSS 4.3 · AI score 6 · EPSS 0.00225
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:20 a.m. · 2 views

CVE-2014-9180

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERYSTRING...

CVSS 5 · AI score 6.8 · EPSS 0.0844
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:29 a.m. · 5 views

CVE-2010-2267

Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server aka Rock Web Server 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) t...

CVSS 4.3 · AI score 6 · EPSS 0.00295
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 2:10 a.m. · 10 views

CVE-2013-4716

Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 593 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 · AI score 5.9 · EPSS 0.00285
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 10:42 p.m. · 4 views

CVE-2002-1926

Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string...

CVSS 5 · AI score 7 · EPSS 0.00492
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 10:11 p.m. · 6 views

CVE-2002-2192

Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders...

CVSS 4.3 · AI score 6.4 · EPSS 0.01003
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 7:14 p.m. · 3 views

CVE-2000-1231

code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string...

CVSS 5 · AI score 7.1 · EPSS 0.00462
Exploits: 1 · References: 1

OSV
added 2025/05/07 11:15 p.m. · 0 views

DEBIAN-CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

CVSS 7.5 · AI score 6.5 · EPSS 0.00808
Exploits: 0 · References: 1

Debian CVE
added 2025/05/07 11:7 p.m. · 12 views

CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

CVSS 7.5 · AI score 6.5 · EPSS 0.00808
Exploits: 0

OSV
added 2025/04/23 5:16 p.m. · 0 views

CVE-2025-28017

TOTOLINK A800R V4.1.2cu.5032B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERYSTRING parameter...

CVSS 6.5 · AI score 5.8 · EPSS 0.01649
Exploits: 1 · References: 2

Positive Technologies
added 2025/04/23 12:0 a.m. · 2 views

PT-2025-17646 · Totolink · Totolink A800R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5032 B20200408 Description: The issue concerns a Command Injection vulnerability in the downloadFile.cgi file via the QUERY STRING parameter. This allows for potential exploitation. There is a high risk of...

CVSS 6.5 · AI score 6.6 · EPSS 0.01649
Exploits: 1 · References: 7

CNNVD
added 2025/04/23 12:0 a.m. · 2 views

TOTOLINK A800R Security Vulnerability

TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A800R suffers from a command injection vulnerability that stems from the QUERYSTRING parameter in downloadFile.cgi failing to correctly filter constructed command special characters, commands, and so on. No...

CVSS 6.5 · AI score 7.5 · EPSS 0.01649
Exploits: 1 · References: 2

OSV
added 2025/04/17 3:15 p.m. · 0 views

CVE-2025-29044

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERYSTRING key value...

CVSS 9.8 · AI score 6.1
Exploits: 0 · References: 2

CNNVD
added 2025/04/17 12:0 a.m. · 2 views

NETGEAR R6100 Security Vulnerability

The NETGEAR R61 is a wireless router from NETGEAR. The NETGEAR R61 suffers from a buffer overflow vulnerability that stems from improper handling of the QUERYSTRING key value, which can be exploited by an attacker to execute arbitrary code...

CVSS 9.8 · AI score 7.7 · EPSS 0.06336
Exploits: 1 · References: 2