124 matches found
CVE-2008-2951
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function...
Trac quickjump Search Script q Parameter Arbitrary Site Redirect
The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects. The version of Trac installed on the remote host fails to sanitize user input to the 'q' parameter of the 'search' script before using it in an unfiltered and unmanaged fashion in a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2008-2531
Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2008-2531
CVE-2008-2531 is an XSS vulnerability in the Build A Niche Store (BANS) 3.0 installation. The issue resides in the search script and can be triggered by supplying arbitrary content through the q parameter, enabling remote attackers to inject web script or HTML. The connected records confirm the a...
CVE-2008-1919
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter...
Sql injection
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter...
CVE-2008-1919
The CVE-2008-1919 entry describes an SQL injection in listtest.php of YourFreeWorld Apartment Search Script, exploitable via the r parameter. The underlying issue is improper input handling in a PHP script leading to arbitrary SQL execution. The vulnerability is remote in scope and affects the li...
Apartment Search Script - listtest.php SQL Injection
Apartment Search Script - listtest.php SQL Injection $ Script : Apartment Search Script SQL Injection Vulnerability $ Script Info : http://www.yourfreeworld.com/script/apartment.asp $ Script Price : Only $79 $ Demo : http://www.downlinegoldmine.com/apartment/ $ Author : CrackersChild $ Contact :...
CVE-2007-6670
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter...
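Free Forum Search SQL Injection Vulnerability
Free Forum is a PHP-based web application. Free Forum does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the search script does not filter user-submitted web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic, exposing sensitive information or possibly allowing database manipulation. New Vision Enterprise Free Forum No solution is currently available: http://www.nvecs.com/freeforum.asp...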
PT-2007-4163 · Simpgb · Simpgb
Name of the Vulnerable Software and Affected Versions: SimpGB version 1.46.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path simpgb parameter to various PHP scripts, including "guestbook.php", "search.php", "mailer.php", "avatars.php", "ccode.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script...
CVE-2007-1873
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script...
PT-2007-1209 · Rapid · Rapid Classified
Name of the Vulnerable Software and Affected Versions: Rapid Classified version 3.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different scripts,...
Easy Search System v1.1 XSS vuln.
Easy Search System v1.1 XSS vuln. Vuln. discovered by: r0t Date: 5 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/easy-search-system-v11-xss-vuln.html vendor: http://www.hotcgiscripts.net/?c=e-search affected version: v1.1 and prior Product Description: Easy Search System is a...
Google API Search XSS vuln.
Google API Search XSS vuln. Vuln. discovered by: r0t Date: 28 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/google-api-search-xss-vuln.html Vendor: http://www.wwwsearchsolutions.com/google.php affected version: v1.3.1 and prior Product Description: With this script you can be up an...
Forumwa search.php xss vulnerability
HRG - Hackerlounge Research Group Release: HRG005 Monday 03/01/05 Forumwav1 The author can't be held responsible for any damage done by a reader. You have your own responsibility. Please use this document like it's meant to. Vulnerable: Forumwav1 any version --- General information: Forumwa is a...
Phorum 5.0.7 - Search Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/10822/info A cross-site scripting vulnerability is reported to affect Phorum. This issue affects the 'search.php' script. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will b...