214 matches found
boutikone-xss.txt
BoutikOne CMS - Cross Site Scripting XSS Vulnerability http://www.boutikone.com/ XSS Found By d3v1l - http://security-sh3ll.com/forum.php Bug :- searchquery=XSS Example :- http://www.un-monde-mystique.com/search.php?lang=1&sort=Ref&searchquery='"alert1337XSS...
dotCMS search-results.dot search_query Parameter XSS
The remote host is using dotCMS, an open source J2EE / Java web content management system. The version of dotCMS installed on the remote host fails to sanitize input to the 'search_query' parameter of the 'search-results.dot' script before using it to generate dynamic HTML output. An attacker may ...
CVE-2008-1076
Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
PHP-RESIDENCE 0.7.2 (Search) Remote SQL Injection Vulnerability
No description provided by source. PHPRESIDENCE 0.7.2 Remote Sql Injection BY IRCRASH AUTHOR :...
PHP-RESIDENCE 0.7.2 - Search SQL Injection
PHPRESIDENCE 0.7.2 Remote Sql Injection BY IRCRASH AUTHOR : IRCRASH R3d.W0rm Script Download : http://www.digitaldruid.net/download/php-residence0.7.2.zip Vulnerability Page:...
SQL injection
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field...
CVE-2007-2858
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field...
iptrack-sql.txt
Information: The IP-Tracking Mod is an Extension for phpBB2.0.x which logs all Page hits the user of the Boards do including Referer, IP and Username. It contains a SQL-Injection on Admin-Level. You can get it from: http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0 Steps t...
SQL injection
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors...
A-shop v0.70 SQL INJECTION
Product : A-shop Version : v0.70 Vulnerability : SQL INJECTION http://www.rammdev.com/ashop/demo/default.asp?mod=search&type=simple&q='SQLINJECTION'&cmdSearch=Search Example ; http://www.rammdev.com/ashop/demo/default.asp?mod=search&type=simple&q='unionselect201,1,1,120from20users'&cmdSearch=Sear...
SyntaxCMS - Search Query Cross-Site Scripting
source: https://www.securityfocus.com/bid/16033/info SyntaxCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of...
CVE-2005-4394
Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters...
Google Toolbar 1.1.60 - Search Function Denial of Service
Google Toolbar 1.1.60 - Search Function Denial of Service source: https://www.securityfocus.com/bid/5477/info Reportedly, when the Google Toolbar receives a search query it may cause Microsoft Internet Explorer to crash. When a user views a malicious web page it will cause the Google Toolbar to...