8 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2006-0911

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00016
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/23 7:35 a.m. | 4 views

CVE-2024-41586

A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component...

CVSS 8 | AI score 8.2 | EPSS 0.01083
Exploits: 0 | References: 1
Cvelist
added 2025/03/24 5:3 p.m. | 14 views

CVE-2025-30208 Vite bypasses server.fs.deny when using `?raw??`

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

CVSS 5.3 | EPSS 0.89847
Exploits: 27 | References: 6
RedhatCVE
added 2025/02/05 6:7 p.m. | 5 views

CVE-2019-12935

Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI...

CVSS 7.4 | AI score 5.8 | EPSS 0.0358
Exploits: 1 | References: 1
OSV
added 2022/11/26 10:15 p.m. | 1 views

AZL-45051 CVE-2022-24999 affecting package js-jquery 3.5.0-4

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVSS 7.5 | AI score 7.2 | EPSS 0.01543
Exploits: 2 | References: 1
FreeBSD
added 2003/11/28 12:0 a.m. | 38 views

mod_python denial-of-service vulnerability in parse_qs

An attacker may cause Apache with mod_python to crash by using a specially constructed query string...

CVSS 5 | AI score 6.3 | EPSS 0.05153
Exploits: 0 | References: 2
Exploit DB
added 2002/11/08 12:0 a.m. | 17 views

Perception LiteServe 2.0.1 - Directory Query String Cross-Site Scripting

source: https://www.securityfocus.com/bid/6143/info A cross site scripting vulnerability has been discovered in Perception LiteServe. It has been reported that LiteServe fails to sanitize query strings from indexed folders. It is possible for an attacker to exploit this issue by constructing a...

AI score 7
Exploits: 0
Exploit DB
added 2001/03/19 12:0 a.m. | 33 views

SWSoft ASPSeek 1.0 - 's.cgi' Remote Buffer Overflow

source: https://www.securityfocus.com/bid/2492/info A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by submitting an excessively long quer...

AI score 7.4
Exploits: 0