Lucene search

1115 matches found

Prion
added 2014/10/16 7:55 p.m. | 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu with path" section or (2) printthispage variable in the footercontentbloc...

CVSS 4.3 | AI score 6.1 | EPSS 0.01489
Exploits: 1 | References: 2 | Affected Software: 1
Fedora
added 2014/10/06 5:4 a.m. | 32 views

[SECURITY] Fedora 20 Update: nodejs-qs-0.6.6-3.fc20

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior (and twice as fast). Used by express, connect and others...

CVSS 5 | AI score 3.5 | EPSS 0.08309
Exploits: 0
Fedora
added 2014/10/06 5:4 a.m. | 29 views

[SECURITY] Fedora 19 Update: nodejs-qs-0.6.6-3.fc19

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior (and twice as fast). Used by express, connect and others...

CVSS 5 | AI score 3.5 | EPSS 0.08309
Exploits: 0
Fedora
added 2014/09/29 4:2 a.m. | 15 views

[SECURITY] Fedora 21 Update: nodejs-qs-0.6.6-3.fc21

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior (and twice as fast). Used by express, connect and others...

AI score 3.5
Exploits: 0
NVD
added 2014/09/03 2:55 p.m. | 18 views

CVE-2012-4226

Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/...

CVSS 4.3 | AI score 5.9 | EPSS 0.02041
Exploits: 2 | References: 5
Cvelist
added 2014/09/03 2:0 p.m. | 35 views

CVE-2012-4226

Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/...

AI score 5.9 | EPSS 0.02041
Exploits: 2 | References: 5
Cvelist
added 2014/08/17 11:0 p.m. | 39 views

CVE-2014-3080

Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php...

AI score 5.6 | EPSS 0.03521
Exploits: 7 | References: 6
Cisco
added 2014/07/28 8:0 p.m. | 21 views

Cisco WebEx Meetings Server Web Framework Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability occurs because sensitive information is passed in a query string. An attacker could exploit this vulnerability by viewing applicatio...

CVSS 4 | AI score 6.1 | EPSS 0.02032
Exploits: 0 | References: 1
Hacker One
added 2014/07/10 1:23 a.m. | 17 views

Envoy: Too much sensitive information in GET https://signwithenvoy.com/device_config/preview_badge

The page was loaded from a URL containing a query string:...

AI score 6.8
Exploits: 0
Prion
added 2014/07/07 11:1 a.m. | 14 views

Design/Logic Flaw

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string...

CVSS 5.8 | AI score 6.9 | EPSS 0.05066
Exploits: 5 | References: 6 | Affected Software: 1
Cvelist
added 2014/07/07 10:0 a.m. | 27 views

CVE-2014-0867

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string...

AI score 6.3 | EPSS 0.05066
Exploits: 5 | References: 6
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Psunami Bulletin Board 0.x Psunami.CGI Remote Command Execution Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/6607/info Psunami Bulletin Board is prone to a remote command execution vulnerability. Psunami does not sufficiently sanitize shell metacharacters from query string parameters. As a result, it may be possible for a remote...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 30 views

LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

SWSoft ASPSeek 1.0 s.cgi Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2492/info A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Super Site Searcher Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are the...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 34 views

PHP 4.x SafeMode Arbitrary File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, and...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Foxit Reader <= 5.4.4.1128 Firefox Plugin npFoxitReaderPlugin.dll Stack Buffer Overflow

No description provided by source. ?php / Foxit Reader = 5.4.4.1128 Plugin for Firefox npFoxitReaderPlugin.dll Overlong Query String Remote Stack Buffer Overflow PoC --------------------------- rgod listener Tested against Microsoft Windows Mozilla Firefox 17.0.1 Foxit Reader 5.4.3.0920 Foxit...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Adobe ColdFusion Server <= 8.0.1 wizards/common/_logintowizard.cfm Query String XSS

No description provided by source. source: http://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Adobe ColdFusion Server <= 8.0.1 administrator/enter.cfm Query String XSS

No description provided by source. source: http://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...

AI score 7.1
Exploits: 0
Prion
added 2014/03/18 5:2 p.m. | 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to...

CVSS 4.3 | AI score 6 | EPSS 0.02164
Exploits: 1 | References: 7 | Affected Software: 1