1085 matches found
CVE-2014-0867
rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string...
Psunami Bulletin Board 0.x Psunami.CGI Remote Command Execution Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/6607/info Psunami Bulletin Board is prone to a remote command execution vulnerability. Psunami does not sufficiently sanitize shell metacharacters from query string parameters. As a result, it may be possible for a remote...
LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit
No description provided by source. <?php / LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...
Adobe ColdFusion Server <= 8.0.1 administrator/enter.cfm Query String XSS
No description provided by source. source: http://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
PHP 4.x SafeMode Arbitrary File Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, and...
SWSoft ASPSeek 1.0 s.cgi Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2492/info A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by...
Super Site Searcher Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are the...
Adobe ColdFusion Server <= 8.0.1 wizards/common/_logintowizard.cfm Query String XSS
No description provided by source. source: http://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
Foxit Reader <= 5.4.4.1128 Firefox Plugin npFoxitReaderPlugin.dll Stack Buffer Overflow
No description provided by source. <?php / Foxit Reader <= 5.4.4.1128 Plugin for Firefox npFoxitReaderPlugin.dll Overlong Query String Remote Stack Buffer Overflow PoC --------------------------- rgod listener Tested against Microsoft Windows Mozilla Firefox 17.0.1 Foxit Reader 5.4.3.0920 Foxit...
CVE-2013-0201
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L 1.10 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/adminmain.html; (3) id, (4) val, or (5) arbitrary parameter name QUERYSTRING to...
PT-2014-2130 · Red Hat · Spacewalk
Name of the Vulnerable Software and Affected Versions: Spacewalk version 1.6. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the QueryString to the "SystemGroupList.do" page. This could potentially lead to unauthorized actions on th...
Cross site scripting
Cross-site scripting (XSS) vulnerability in e107plugins/content/handlers/contentpreset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 aka 5.33.946.0 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2013-2504
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 aka 5.33.946.0 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2013-4716
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 593 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 593 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
PHP < 5.3.12 / 5.4.x < 5.4.2 CGI Query String Code Execution
Binary data 6993.prm...