1128 matches found
PT-2005-5443 · Fidra · Fidra Lighthouse Cms
Name of the Vulnerable Software and Affected Versions: Fidra Lighthouse CMS versions 1.1.0 and earlier. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query string to the home page. The vendor disputes this...
CVE-2005-4491
Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c)...
CVE-2005-4194
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string...
CVE-2005-4160
Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument...
Cross-site attacks-steal cookies-vulnerability warning-the black bar safety net
% msg=Request. ServerVariables"QUERYSTRING" testfile=Server. MapPath"cook.txt" set fs=server. CreateObject"scripting. filesystemobject" set thisfile=fs. OpenTextFiletestfile,8,True,0 thisfile. Writeline""&msg& "" thisfile. close set fs = nothing % scriptwindow...
CVE-2005-4041
Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
CVE-2005-3498
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...
Sybase EAServer WebConsole buffer overflow
Added: 11/04/2005. CVE: CVE-2005-2297. BID: 14287. OSVDB: 17995. Background: Sybase EAServer is a web application server. Problem: A buffer overflow in the Sybase EAServer WebConsole allows a remote attacker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...
CVE-2005-3127
Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2005-2453
Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2000-1231
The CVE describes a vulnerability in Phorum 3.0.7 where code.php3 allows remote attackers to read arbitrary files within the Phorum directory via the query string. The affected software is Phorum 3.0.7; the vulnerable component is the code.php3 execution path that mishandles query strings, enabli...
CVE-2002-1973
The CVE-2002-1973 entry describes a buffer overflow in CHttpServer::OnParseError of the ISAPI extension (Isapi.cpp) when built with MFC static libraries in Visual C++ 5.0 and 6.0 before SP3. This flaw, present in multiple products (including BadBlue), can be triggered by a long query string that ...
CVE-2002-1926
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string...
CVE-2002-1732
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to...
CVE-2004-2128
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...
CVE-2005-0883
CVE-2005-0883 describes two reflected XSS vulnerabilities in DigitalHive 2.0's base.php: (1) mt parameter to membres.php and (2) -afs-1- query string to msg.php. Attackers can inject arbitrary web script/HTML via these inputs. The provided documents do not specify a patch or workaround within thi...