1086 matches found
CVE-2017-11175
In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login...
Insteon Hub HTTPExecuteGet Parameters Extraction Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger...
Engel Voelkers Cross Site Scripting
Exploit Title: Reflected XSS at Engel Voelkers Date: 27.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.engelvoelkers.com/ Software Link: Engel Voelkers Website Version: 1.0 Tested on: Kali Linux Reflected XSS Payload : residential'-confirm/Ismail Tasdelen/-' HTTP REQUEST...
Software Advice 1.0 Cross Site Scripting
Exploit Title: Reflected XSS at Software Advice Date: 27.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.softwareadvice.com/ Software Link: Software Advice Website Version: 1.0 Tested on: Kali Linux Reflected XSS Payload : '-confirmIsmail Tasdelen-' HTTP REQUEST HEADER :...
Design/Logic Flaw
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php...
CVE-2018-11487
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php...
Boerse.de Cross Site Scripting
Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla Firefox Reflected XSS Payload : " " " PoC : General : Request URL:...
Design/Logic Flaw
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23...
CVE-2018-9852
In Gxlcms QY v1.0.0713, the vulnerable component is Lib\Lib\Action\Home\HitsAction.class.php. The issue allows remote attackers to read data from the database by injecting a FROM clause into the query string of a Home-Hits request (e.g., sid=user,password%20from%20mysql.user%23). This appears as ...
UBUNTU-CVE-2018-7563
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The...
Dashbuilder: insecure handling of CSRF token
It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web...
Discourse: Gaining access to private topics using quoting feature
Description Some topics have limited access to certain groups and users, and while there exists a validation for access on this topic, it can be bypassed by abusing a vulnerability in the "onebox" quoting feature. When pasting a link in a reply, if this link happens to be a link to another topic ...
Keybase: Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user
Hello! When using the Keybase Chrome extension and viewing a Hacker News profile page with an additional id parameter in the query string, Hacker News uses the username from the first id parameter, whereas the Keybase extension uses the username from the second id parameter. Example URL:...
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable)...
Design/Logic Flaw
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable)...
CVE-2018-5715
SugarCRM 3.5.1 is vulnerable to Cross-Site Scripting via phprint.php due to improper handling of the GET parameter name ($key) in the query string. The root cause is that the $key values are not encoded when constructing the query string, enabling injection of arbitrary JavaScript into the victim...
VulnCheck KEV: CVE-2012-2336
sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing...
DEBIAN-CVE-2017-7559
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...