148 matches found
CVE-2024-2351
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument catid/brandid/keyword leads to sql injection. The attack can be launched...
CVE-2023-7156
A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely...
Sql injection
A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely...
Microsoft Windows Search Component Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Search Component. An attacker could exploit this vulnerability to gain elevated privileges. The following product...
Microsoft Windows Search Component Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Search Component. An attacker could exploit this vulnerability to bypass certain functionality. The following...
The vulnerability of the _search component of the Elasticsearch search engine allows a hacker to trigger a service failure.
The vulnerability of the search component of the Elasticsearch search engine involves reading data beyond the buffer limits in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure by sending a specially crafted API request remotely...
CVE-2023-4118
A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may ...
PT-2023-27850 · Unknown · Cute Http File Server
Name of the Vulnerable Software and Affected Versions: Cute Http File Server version 2.0 Description: A problematic vulnerability was found in the Search component of Cute Http File Server, leading to cross site scripting. The manipulation can be initiated remotely. The exploit has been disclosed...
Cute Http File Server Cross-Site Scripting Vulnerability
Cute Http File Server is a free, HTTP protocol file sharing server for iscute individual developers. A cross-site scripting vulnerability exists in Cute Http File Server version 2.0, which stems from a problem with the component Search that can lead to cross-site scripting...
CVE-2023-3789
A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The...
PT-2023-26160 · Unknown · Paulprinting Cms
Name of the Vulnerable Software and Affected Versions: PaulPrinting CMS version 2018 Description: A problematic issue was found in the Search component of the affected software, specifically in an unknown function of the file /account/delivery. The manipulation of the s argument leads to cross-si...
PT-2023-2673 · Oracle · Peoplesoft Enterprise Peopletools
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.58 through 8.60 Description: The issue exists due to insufficient input validation in the Elastic Search component of Oracle PeopleSoft Enterprise PeopleTools. This allows a remote attacker to gain...
Sql injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated...
CVE-2023-1963 PHPGurukul Bank Locker Management System Search index.php sql injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated...
PT-2023-17376 · Unknown · Phpgurukul Bank Locker Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Bank Locker Management System version 1.0 Description: A critical issue affects the Search component of the PHPGurukul Bank Locker Management System, specifically in the file index.php. The manipulation of the searchinput argument...
PT-2023-10328 · Unknown · Openacs Bug-Tracker
Name of the Vulnerable Software and Affected Versions: OpenACS bug-tracker affected versions not specified Description: A problematic vulnerability has been found in OpenACS bug-tracker, affecting an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to...
CVE-2022-43369
AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component search.php...
PT-2022-26876 · Unknown · Autotaxi Stand Management System
Name of the Vulnerable Software and Affected Versions: AutoTaxi Stand Management System version 1.0 Description: The AutoTaxi Stand Management System contains a cross-site scripting XSS issue via the search.php component. This allows for potential malicious script injection and execution...
Frappe Technologies Frappe 跨站脚本漏洞
Frappe Technologies Frappe is a Python, Mariadb-based web development framework with integrated front-end pages from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe prior to version 2.5.0, which stems from unknown functionality in the component Search in...
CVE-2022-3988
CVE-2022-3988 (Frappe) affects an unknown functionality in the file frappe/templates/includes/navbar/navbar_search.html (component: Search). The underlying issue is that manipulating the query parameter q enables cross-site scripting (XSS). The description notes that the attack may be launched re...