847 matches found
CVE-2012-2253
Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter...
CVE-2012-2253
CVE-2012-2253 is a cross-site scripting (XSS) vulnerability in Mahara, specifically in group/members.php. The flaw allows remote attackers to inject arbitrary web script or HTML via a query parameter. Affected versions are Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2. The connected documents ...
UBUNTU-CVE-2012-2922
The requestpath function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q parameter to index.php, which reveals the installation path in an error message...
PHP 5.4.x < 5.4.3 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.3. It is, therefore, potentially affected by the following vulnerabilities: - The fix for CVE-2012-1823 does not completely correct the CGI query parameter vulnerability. Disclosure of PHP source code...
The vulnerability exists in the standalone and also in the online demonstration environment.
It is possible to anonymously enumerate all usernames via the script at /rest/prototype/1/search/user.json?max-results=10&query=XX. The 'query' GET parameter should contain at least two characters. It is possible to enumerate all usernames by performing a search from 'query' value 'aa' to 'zz'...
Code injection
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012...
CVE-2012-1795
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012...
VulnCheck KEV: CVE-2012-1795
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012...
CVE-2010-4966
Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action...
CVE-2010-4932
Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter...
Unfixed XSS vulnerability at ccit.mines.edu
Security researcher p0pc0rn has submitted on 07/01/2011 a cross-site scripting (XSS) vulnerability affecting ccit.mines.edu, which at the time of submission ranked 64368 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/12/2011. It is currently...
Unfixed XSS vulnerability at www.one-stop-china.com
Security researcher jjbutler88 has submitted on 12/06/2010 a cross-site scripting (XSS) vulnerability affecting www.one-stop-china.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 18/12/2011. It is...
Unfixed XSS vulnerability at www.thefind.com
Security researcher khameli has submitted on 31/05/2010 a cross-site scripting (XSS) vulnerability affecting www.thefind.com, which at the time of submission ranked 1348 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is currently...
JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...
CVE-2010-0614
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) subpar or (3) numquest actions...
SQL injection
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) subpar or (3) numquest actions...