1083 matches found
security flaw
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...
mod_python remote DoS
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973...
CVE-2003-1531
Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2003-0973
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...
mod_python denial-of-service vulnerability in parse_qs
An attacker may cause Apache with mod_python to crash by using a specially constructed query string...
CVE-2002-2378
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page...
CVE-2002-2192
Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders...
LiteServe Directory Index Cross-Site Scripting
There are three different places in the directory index of LiteServe where unsanitized user input is returned to the browser. The first is yet another wildcard DNS vulnerability, the second centers around query strings. Write-Up: http://www.techie.hopto.org/vulns/2002-37.txt DNS Wildcard XSS This...
Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting
Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting source: https://www.securityfocus.com/bid/6143/info A cross site scripting vulnerability has been discovered in Perception LiteServe. It has been reported that LiteServe fails to sanitize query strings from indexed folders. ...
Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting
source: https://www.securityfocus.com/bid/6143/info A cross site scripting vulnerability has been discovered in Perception LiteServe. It has been reported that LiteServe fails to sanitize query strings from indexed folders. It is possible for an attacker to exploit this issue by constructing a...
Super Site Searcher - Remote Command Execution
Super Site Searcher - Remote Command Execution source: https://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The...
XSS in Null HTTPd
Null HTTPd is a simple HTTP server that runs on Win32/Unix systems. It is quite basic, but offers good CGI support. A vulnerability in Null HTTPd may allow cross-site scripting via a 404 page: http://localhost/a?x=SCRIPTalertdocument.URL/SCRIPT You have to place this in the query string so that i...
omnihttpd.txt
A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...
OmniHTTPd test.php Cross-Site Scripting Issue
A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...
CVE-2001-0731
CVE-2001-0731 affects Apache 1.3.20 when Multiviews is enabled. A remote attacker can cause a directory listing to be displayed (information disclosure) by crafting a request containing an M=D query string, bypassing normal index page behavior. Public advisories and scans consistently reference t...
SWSoft ASPSeek 1.0 - 's.cgi' Remote Buffer Overflow
source: https://www.securityfocus.com/bid/2492/info A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by submitting an excessively long quer...
Mysql 3.22.x/3.23.x - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/2262/info MySQL is a widely used Open Source database tool. Versions of MySQL up to and including 3.23.30 are vulnerable to a buffer overflow attack. By supplying an excessively long string as an argument for a SELECT statement, it is possible for a...
CVE-2000-0401
Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string...
Alert: DNewsWeb buffer overflow
Cerberus Information Security Advisory CISADV000505 http://www.cerberus-infosec.co.uk/advisories.shtml Released : 5th May 2000 Name : DNewsweb Buffer Overflow Affected Systems : nix/Win32 Web Servers running Dnewsweb Issue : Attackers can remotely execute arbitrary code Author : Mark Litchfield...