CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

CVE-2010-5302

Cross-site scripting XSS vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 r88, as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING...

CVE-2014-9180

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERYSTRING...

CVE-2010-2267

Multiple cross-site scripting XSS vulnerabilities in Accoria Web Server aka Rock Web Server 1.4.7 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to the getenv sample program, 2 the desc parameter to loadstatic.cgi, 3 the name parameter to httpdcfg.cgi, or 4 t...

CVE-2013-4716

Cross-site scripting XSS vulnerability in Tattyan HP TOWN 593 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2002-1926

Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. dot dot in the HTTP query string...

CVE-2002-2192

Cross-site scripting XSS vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via 1 a Host: header when DNS wildcards are supported or 2 the query string in a "dir" request to indexed folders...

CVE-2000-1231

code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string...

DEBIAN-CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

The vulnerability of the main() function in NETGEAR R6100 integrated routing software allows a hacker to execute arbitrary code.

The vulnerability of the main function in NETGEAR R6100 integrated routing software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code using the QUERYSTRING parameter...

CVE-2025-28017

TOTOLINK A800R V4.1.2cu.5032B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERYSTRING parameter...

TOTOLINK A800R 安全漏洞

TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A800R suffers from a command injection vulnerability that stems from the QUERYSTRING parameter in downloadFile.cgi failing to correctly filter constructed command special characters, commands, and so on. No...

PT-2025-17646 · Totolink · Totolink A800R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5032 B20200408 Description: The issue concerns a Command Injection vulnerability in the downloadFile.cgi file via the QUERY STRING parameter. This allows for potential exploitation. There is a high risk of...

CVE-2025-29044

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERYSTRING key value...

NETGEAR R6100 安全漏洞

The NETGEAR R61 is a wireless router from NETGEAR. The NETGEAR R61 suffers from a buffer overflow vulnerability that stems from improper handling of the QUERYSTRING key value, which can be exploited by an attacker to execute arbitrary code...

Arbitrary File Disclosure

Vite is vulnerable to Arbitrary File Disclosure. The vulnerability is due to improper handling of trailing separators in query strings and is caused by the removal of trailing separators ? without proper validation in regex checks, allows attackers to bypass file access restrictions and retrieve...

CVE-2025-30208

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

CVE-2025-30208

CVE-2025-30208 (Vite) : In affected Vite versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10, an attacker can bypass file-access controls via URLs using trailing query markers (e.g., ?raw?? or ?import&raw??), causing arbitrary files to be exposed when the dev server is network-accessible. ...

CVE-2025-30208 Vite bypasses server.fs.deny when using `?raw??`

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...