1195 matches found
CVE-2005-4431
SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the viewuser.php/sortby vector is already covered by CVE-2005-1554 and CVE-2004-2181...
CVE-2005-4060
Cross-site scripting XSS vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter...
CVE-2005-4060
Cross-site scripting XSS vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter...
CVE-2005-4044
Cross-site scripting XSS vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter...
CVE-2005-3967
Cross-site scripting XSS vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter...
CVE-2005-3967
Cross-site scripting XSS vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter...
CVE-2005-3881
SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter...
CVE-2005-3841
Cross-site scripting XSS vulnerability in kPlaylist 1.6 build 400, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter...
CVE-2005-3841
Cross-site scripting XSS vulnerability in kPlaylist 1.6 build 400, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter...
CVE-2005-3308
Multiple cross-site scripting XSS vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 comment parameter in detail.php, 3 the username parameter in get.php, and 4 the search parameter in index.php...
CVE-2005-3308
Multiple cross-site scripting XSS vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 comment parameter in detail.php, 3 the username parameter in get.php, and 4 the search parameter in index.php...
CVE-2004-2468
Cross-site scripting XSS vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2002-2107
Cross-site scripting XSS vulnerability in the lookup script in Veridis OpenKeyServer OKS 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2005-2392
Cross-site scripting XSS vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function...
CVE-2005-2163
Cross-site scripting XSS vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2005-2163
AutoIndex PHP Script 1.5.2 is affected by a stored/reflected XSS in index.php via the search parameter. The vulnerability allows an attacker to inject arbitrary HTML/JavaScript, which is executed in the victim’s browser and can lead to cookie theft or session hijacking. The Nessus entry confirms ...
CVE-2005-2163
Cross-site scripting XSS vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2005-1500
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the keyword parameter in search.php; or 2 the dateno parameter in viewdate mode, 3 the catid parameter in viewcat mode, the 4 monthno or 5 year parameter in viewmonth mode, or ...
e107 search.php search_info Parameter Traversal Arbitrary File Inclusion
The version of e107 installed on the remote host is affected by a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input to the 'searchinfo' parameter of the 'search.php' script. This vulnerability could allow a remote, unauthenticated attacker to view...
CVE-2004-1797
Cross-site scripting XSS vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter...