1115 matches found
CVE-2013-0201
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L 1.10 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/adminmain.html; (3) id, (4) val, or (5) arbitrary parameter name QUERYSTRING to...
PT-2014-2130 · Red Hat · Spacewalk
Name of the Vulnerable Software and Affected Versions: Spacewalk version 1.6. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the QueryString to the "SystemGroupList.do" page. This could potentially lead to unauthorized actions on th...
Cross site scripting
Cross-site scripting (XSS) vulnerability in e107plugins/content/handlers/contentpreset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 aka 5.33.946.0 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2013-2504
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 aka 5.33.946.0 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2013-4716
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 593 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 593 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
PHP < 5.3.12 / 5.4.x < 5.4.2 CGI Query String Code Execution
DEBIAN-CVE-2013-2204
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...
Spoofing
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...
csrf
This plugin finds Cross Site Request Forgery (CSRF) vulnerabilities. The simplest type of CSRF is checked: to be vulnerable, the web application must have sent a permanent cookie, and the application must have query string parameters. Plugin type: Audit. Options: This plugin doesn't have any user...
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...
Securimage 3.5 URI-based Cross-Site Scripting Vulnerability
Summary: Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description: Securimage suffers from an XSS issue in 'exampleform.php' that uses the 'REQUESTURI' variable. The vulnerability is present because there...
Backupbuddy 2.2.4 Sensitive Data Exposure
Backupbuddy - sensitive data exposure in importbuddy.php. "the premiere WordPress backup plugin to backup, restore and move WordPress" http://ithemes.com/purchase/backupbuddy/ Known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely other versions also. Impact: access to wordpress...
Route Parameter Injection Via Query String in Zend\Mvc
More info at https://framework.zend.com/security/advisory/ZF2013-01...
[SECURITY] Fedora 16 Update: perl-CGI-3.52-203.fc16
CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...
[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17
CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...