1195 matches found
Sql injection
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...
CVE-2008-2114
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...
CVE-2008-1987
Cross-site scripting XSS vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in cgi-bin/contray/search.cgi in ContRay 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1960
Cross-site scripting XSS vulnerability in cgi-bin/contray/search.cgi in ContRay 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Unfixed XSS vulnerability at www.highbeam.com
Security researcher skathgh420, has submitted on 04/10/2008 a cross-site-scripting XSS vulnerability affecting www.highbeam.com, which at the time of submission ranked 5842 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/10/2008. It is...
Sql injection
Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the 1 query parameter to a search.php; 2 gusername and 3 gpassword parameters to b login.php; and the 4 username and 5 password parameters to c gadmin/index.php in a...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter in a pagetoolsearch action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-0679
Cross-site scripting XSS vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2008-0720
Cross-site scripting XSS vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webminsearch.cgi aka the search section, and possibly other components accessed through a "search box" or "open...
CVE-2008-0700
Affected software: Crux Software CruxCMS 3.0 (CruxCMS). Issue: Cross-site Scripting (XSS) in search.php via the search parameter, enabling remote injection of arbitrary web script/HTML and potential script execution in a user’s browser. Underlying cause: input sanitation error in the search param...
CVE-2008-0679
Cross-site scripting XSS vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2007-6696
Multiple cross-site scripting XSS vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via 1 an event description, 2 the query string to pref.php, and 3 the adv parameter to search.php. NOTE: vector 1 requires user authentication...
CVE-2007-6696
Multiple cross-site scripting XSS vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via 1 an event description, 2 the query string to pref.php, and 3 the adv parameter to search.php. NOTE: vector 1 requires user authentication...
CVE-2007-6616
Cross-site scripting XSS vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI...
CVE-2007-6392
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI...
CVE-2007-6392
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI...