Lucene search
K

1128 matches found

Positive Technologies
Positive Technologies
added 2005/12/31 12:0 a.m.4 views

PT-2005-5443 · Fidra · Fidra Lighthouse Cms

Name of the Vulnerable Software and Affected Versions: Fidra Lighthouse CMS versions 1.1.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query string to the home page. The vendor disputes this...

4.3CVSS5.9AI score0.03602EPSS
Exploits1References8
NVD
NVD
added 2005/12/22 11:3 a.m.22 views

CVE-2005-4491

Multiple cross-site scripting XSS vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 query string, 2 textonly, 3 locID, and 4 lang parameters to a Default.aspx, and the 6 ClickFrom parameter to b Request-call-back.html and c...

4.3CVSS5.9AI score0.02029EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/12/22 11:0 a.m.26 views

CVE-2005-4491

Multiple cross-site scripting XSS vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 query string, 2 textonly, 3 locID, and 4 lang parameters to a Default.aspx, and the 6 ClickFrom parameter to b Request-call-back.html and c...

5.9AI score0.02029EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/12/13 11:0 a.m.21 views

CVE-2005-4194

Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service application crash via a long query string...

6.8AI score0.03366EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/12/11 11:0 a.m.20 views

CVE-2005-4160

Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument...

6.6AI score0.0307EPSS
Exploits0References5
myhack58
myhack58
added 2005/12/10 12:0 a.m.7 views

Cross-site attacks-steal cookies-vulnerability warning-the black bar safety net

% msg=Request. ServerVariables"QUERYSTRING" testfile=Server. MapPath"cook.txt" set fs=server. CreateObject"scripting. filesystemobject" set thisfile=fs. OpenTextFiletestfile,8,True,0 thisfile. Writeline""&msg& "" thisfile. close set fs = nothing % scriptwindow...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2005/12/06 11:0 a.m.19 views

CVE-2005-4041

Cross-site scripting XSS vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string...

6.2AI score0.01338EPSS
Exploits0References7
Cvelist
Cvelist
added 2005/11/22 11:0 a.m.37 views

CVE-2005-3745

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

7.9AI score0.25707EPSS
Exploits1References13
NVD
NVD
added 2005/11/04 12:2 a.m.27 views

CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...

4.3CVSS6AI score0.11293EPSS
Exploits1References5
Saint
Saint
added 2005/11/04 12:0 a.m.46 views

Sybase EAServer WebConsole buffer overflow

Added: 11/04/2005 CVE: CVE-2005-2297 BID: 14287 OSVDB: 17995 Background Sybase EAServer is a web application server. Problem A buffer overflow in the Sybase EAServer WebConsole allows a remote attcker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...

4.6CVSS7.8AI score0.74202EPSS
Exploits6
NVD
NVD
added 2005/10/04 10:2 p.m.16 views

CVE-2005-3127

Cross-site scripting XSS vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3CVSS5.7AI score0.01752EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/10/04 4:0 a.m.18 views

CVE-2005-3127

Cross-site scripting XSS vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...

5.7AI score0.01752EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/08/04 4:0 a.m.21 views

CVE-2005-2453

Cross-site scripting XSS vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

6.2AI score0.01965EPSS
Exploits0References6
NVD
NVD
added 2005/08/04 4:0 a.m.16 views

CVE-2005-2453

Cross-site scripting XSS vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3CVSS5.8AI score0.01965EPSS
Exploits0References6
CVE
CVE
added 2005/07/14 4:0 a.m.48 views

CVE-2000-1231

The CVE describes a vulnerability in Phorum 3.0.7 where code.php3 allows remote attackers to read arbitrary files within the Phorum directory via the query string. The affected software is Phorum 3.0.7; the vulnerable component is the code.php3 execution path that mishandles query strings, enabli...

5CVSS7.1AI score0.01548EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2005/06/28 4:0 a.m.59 views

CVE-2002-1973

The CVE-2002-1973 entry describes a buffer overflow in CHttpServer::OnParseError of the ISAPI extension (Isapi.cpp) when built with MFC static libraries in Visual C++ 5.0 and 6.0 before SP3. This flaw, present in multiple products (including BadBlue), can be triggered by a long query string that ...

7.5CVSS8.3AI score0.40046EPSS
Exploits1References8Affected Software2
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.17 views

CVE-2002-1926

Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. dot dot in the HTTP query string...

6.7AI score0.01685EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.19 views

CVE-2002-1732

Multiple cross-site scripting XSS vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the query string argument to certain .pl files, 2 the REFPAGE parameter to ca000007.pl, 3 PRODREF parameter to ss000007.pl, or 4 hop parameter to...

5.8AI score0.0137EPSS
Exploits0References8
Cvelist
Cvelist
added 2005/05/27 4:0 a.m.16 views

CVE-2004-2128

Cross-site scripting XSS vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...

6.3AI score0.02347EPSS
Exploits1References7
CVE
CVE
added 2005/03/26 5:0 a.m.49 views

CVE-2005-0883

CVE-2005-0883 describes two reflected XSS vulnerabilities in DigitalHive 2.0's base.php: (1) mt parameter to membres.php and (2) -afs-1- query string to msg.php. Attackers can inject arbitrary web script/HTML via these inputs. The provided documents do not specify a patch or workaround within thi...

4.3CVSS6.1AI score0.01784EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder