Lucene search

1115 matches found

SUSE CVE
added 2023/02/15 6:21 a.m. · 3 views

SUSE CVE-2003-1543

Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message...

CVSS 4.3 · AI score 6.1 · EPSS 0.01994
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 6:21 a.m. · 2 views

SUSE CVE-2004-0096

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973...

CVSS 5 · AI score 6.8 · EPSS 0.03515
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 6:17 a.m. · 1 views

SUSE CVE-2005-2453

Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 · AI score 6.1 · EPSS 0.01965
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 6:16 a.m. · 19 views

SUSE CVE-2005-3745

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVSS 4.3 · AI score 7.4 · EPSS 0.25707
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 6:7 a.m. · 2 views

SUSE CVE-2008-3714

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the querystring, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...

CVSS 4.3 · AI score 6.1 · EPSS 0.05597
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 6:4 a.m. · 4 views

SUSE CVE-2009-1578

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the que...

CVSS 4.3 · AI score 6 · EPSS 0.01977
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 5:55 a.m. · 2 views

SUSE CVE-2010-4572

CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than...

CVSS 4.3 · AI score 9.2 · EPSS 0.018
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:47 a.m. · 5 views

SUSE CVE-2012-1823

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

CVSS 9.8 · AI score 8 · EPSS 0.99998
Exploits 41 · References 13
SUSE CVE
added 2023/02/15 5:47 a.m. · 5 views

SUSE CVE-2012-2311

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options i...

CVSS 7.5 · AI score 8 · EPSS 0.68846
Exploits 1 · References 9
SUSE CVE
added 2023/02/15 5:47 a.m. · 3 views

SUSE CVE-2012-2335

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +...

CVSS 7.5 · AI score 7.9 · EPSS 0.32542
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 5:12 a.m. · 3 views

SUSE CVE-2015-8010

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...

CVSS 3.5 · AI score 6 · EPSS 0.01486
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 4:43 a.m. · 3 views

SUSE CVE-2017-10962

REDCap before 7.5.1 has XSS via the query string...

CVSS 6.1 · AI score 6 · EPSS 0.00639
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:23 a.m. · 4 views

SUSE CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

CVSS 6.1 · AI score 6.3 · EPSS 0.00717
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 3:44 a.m. · 3 views

SUSE CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...

CVSS 6.8 · AI score 9.1 · EPSS 0.04341
Exploits 1 · References 8
SUSE CVE
added 2023/02/15 3:31 a.m. · 3 views

SUSE CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

CVSS 7.1 · AI score 5.5 · EPSS 0.00433
Exploits 0 · References 5
OSV
added 2023/02/08 8:15 p.m. · 5 views

UBUNTU-CVE-2023-25151

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.request_content_length,...

CVSS 7.5 · AI score 7 · EPSS 0.00973
Exploits 1 · References 2
Github Security Blog
added 2023/02/02 1:32 a.m. · 38 views

AVideo contains Command injection when embedding a video link

Impact: An attacker could execute remote code on a system running wwbn/avideo Step to Reproduce: 1. Go to the My Videos tab https://demo.avideo.com/mvideos 2. Click "Embed a video link" Append a command to the url as a query string. eg. ?whoami then click Save This issue has been resolved in comm...

CVSS 9.8 · AI score 9.4 · EPSS 0.01315
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2023/02/02 12:0 a.m. · 3 views

PT-2023-20024 · World Wide Broadcast Network · Avideo

Name of the Vulnerable Software and Affected Versions: World Wide Broadcast Network AVideo versions prior to 12.4 Description: The issue allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. An attacker could execute remote code on a system running...

CVSS 9.8 · AI score 9.8 · EPSS 0.01315
Exploits 1 · References 10
Tenable Nessus
added 2023/01/31 12:0 a.m. · 41 views

Debian dla-3299 : node-qs - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3299 advisory. Debian LTS Advisory DLA-3299-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5 · AI score 7.8 · EPSS 0.14663
Exploits 2 · References 4
CNVD
added 2023/01/30 12:0 a.m. · 3 views

TOTOLINK A830R QUERY_STRING Command Injection Vulnerability

The TOTOLINK A830R is a dual-band wireless router that supports both 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 1200Mbps, making it suitable for home network coverage needs. The TOTOLINK A830R suffers from a command injection vulnerability that stems from its QUERY_STRING...

CVSS 7.5 · AI score 7.7 · EPSS 0.01358
Exploits 1 · References 1