214 matches found
udt.ru XSS vulnerability
Vulnerable URL: http://udt.ru/search/?q=%22%3E%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%2FXSSPOSED%2F%3E=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA

Details:

Description | Value
---|---
Patched: | Yes, at 22.05.2017
Latest check for patch: | 22.05.2017 03:08 GMT
Vulnerability type: | XSS
Vulnerability status... |
janes.com XSS vulnerability
Vulnerable URL: http://www.janes.com/article/search?query=...
DEBIAN-CVE-2016-2040
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...
CVE-2016-2040
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...
phpmyadmin -- Multiple XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attack in the zoom search page. With a crafted hostname header, it is...
hyattregistry.com XSS vulnerability
Vulnerable URL: http://www.hyattregistry.com/search?query=1'%22%26%25promptString.fromCharCode88,83,83,80,79,83,69,68...
cointelegraph.co.za XSS vulnerability
Vulnerable URL: http://cointelegraph.co.za/search?query=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSSPOSED%2F%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated...
recettes.net XSS vulnerability
Vulnerable URL: http://www.recettes.net/recherche.php?query=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 264018
Googl... |
shop.bild.de XSS vulnerability
Vulnerable URL: http://shop.bild.de/app/navigation.do?action=Search=...
bcdb.com XSS vulnerability
Vulnerable URL: http://www.bcdb.com/bcdb/search.cgi?query=Search%20BC%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3EDB...&bool=and&substring=1

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly...
steuerberatungskanzleien.de XSS vulnerability
Open Bug Bounty ID: OBB-74086

Description | Value
---|---
Affected Website: | steuerberatungskanzleien.de
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS...
LivelyCart SQL Injection Vulnerability
LivelyCart is a PHP-based online store built on jQuery. A SQL injection vulnerability exists in LivelyCart version 1.2.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'searchquery' parameter in the product/search URI...
SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2015:1077-1)
openldap2 was updated to fix two security issues and one non-security bug. The following vulnerabilities were fixed : - A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. bnc916897...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query...
CVE-2015-0146
IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended...
CVE-2015-0146
IBM Content Collector for Email (3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001) is affected by an information-disclosure vulnerability due to improper handling of an unspecified query operator when searching IBM FileNet P8 systems via IBM Content Search Servi...
OpenLDAP Double Release Vulnerability
OpenLDAP is an open source Lightweight Directory Access Protocol (LDAP) implementation. A double-release vulnerability in OpenLDAP 2.4.40 allows remote attackers to launch a denial of service attack via a matching value-controlled search query...
Double free
Double free vulnerability in the getvrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control...