1082 matches found
CVE-2005-4041
Cross-site scripting XSS vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2005-3745
Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3498
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...
Sybase EAServer WebConsole buffer overflow
Added: 11/04/2005 CVE: CVE-2005-2297 BID: 14287 OSVDB: 17995 Background Sybase EAServer is a web application server. Problem A buffer overflow in the Sybase EAServer WebConsole allows a remote attcker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...
CVE-2005-3127
Cross-site scripting XSS vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2005-3127
Cross-site scripting XSS vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2005-2453
Cross-site scripting XSS vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2005-2453
Cross-site scripting XSS vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2000-1231
The CVE describes a vulnerability in Phorum 3.0.7 where code.php3 allows remote attackers to read arbitrary files within the Phorum directory via the query string. The affected software is Phorum 3.0.7; the vulnerable component is the code.php3 execution path that mishandles query strings, enabli...
CVE-2002-1926
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. dot dot in the HTTP query string...
CVE-2002-1973
The CVE-2002-1973 entry describes a buffer overflow in CHttpServer::OnParseError of the ISAPI extension (Isapi.cpp) when built with MFC static libraries in Visual C++ 5.0 and 6.0 before SP3. This flaw, present in multiple products (including BadBlue), can be triggered by a long query string that ...
CVE-2002-1732
Multiple cross-site scripting XSS vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string argument to certain .pl files, 2 the REFPAGE parameter to ca000007.pl, 3 PRODREF parameter to ss000007.pl, or 4 hop parameter to...
CVE-2004-2128
Cross-site scripting XSS vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...
CVE-2005-0883
CVE-2005-0883 describes two reflected XSS vulnerabilities in DigitalHive 2.0's base.php: (1) mt parameter to membres.php and (2) -afs-1- query string to msg.php. Attackers can inject arbitrary web script/HTML via these inputs. The provided documents do not specify a patch or workaround within thi...
CVE-2004-2183
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string...
CVE-2004-0096
Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...
CVE-2004-0227
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...
DEBIAN-CVE-2004-0227
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...
CVE-2004-0096
Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...
security flaw
Unknown vulnerability in modpython 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service httpd crash via a certain query string...