
1114 matches found

Prion
added 2007/10/29 10:46 p.m., 14 views

Path traversal

Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information...

CVSS 9.3, AI score 7.2, EPSS 0.02666
Exploits 0, References 5, Affected Software 1
Cvelist
added 2007/10/25 7:0 p.m., 25 views

CVE-2003-1511

Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet...

AI score 5.8, EPSS 0.03628
Exploits 1, References 5
UbuntuCve
added 2007/10/12 10:17 a.m., 23 views

CVE-2007-5386

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3, AI score 6.1, EPSS 0.03326
Exploits 0, References 1
Prion
added 2007/10/12 10:17 a.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3, AI score 5.7, EPSS 0.03326
Exploits 0, References 17, Affected Software 1
OSV
added 2007/10/12 10:17 a.m., 4 views

DEBIAN-CVE-2007-5386

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3, AI score 5.6, EPSS 0.03326
Exploits 0, References 1
Debian CVE
added 2007/10/12 10:0 a.m., 27 views

CVE-2007-5386

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3, AI score 5.5, EPSS 0.03326
Exploits 0
Prion
added 2007/09/26 11:17 p.m., 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credential...

CVSS 4.3, AI score 5.8, EPSS 0.0232
Exploits 1, References 10, Affected Software 1
NVD
added 2007/09/26 11:17 p.m., 32 views

CVE-2007-5112

Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credential...

CVSS 4.3, AI score 5.4, EPSS 0.0232
Exploits 1, References 10
CVE
added 2007/09/26 11:0 p.m., 35 views

CVE-2007-5112

CVE-2007-5112 is an XSS vulnerability in Google Urchin 5 (versions up to 5.7.03 and earlier) affecting the session.cgi (login page). The weakness allows remote attackers to inject arbitrary script/HTML via the query string, as described in the NVD entry. The impact noted includes potential creden...

CVSS 4.3, AI score 5.4, EPSS 0.0232
Exploits 1, References 10, Affected Software 1
NVD
added 2007/09/24 12:17 a.m., 23 views

CVE-2007-5036

Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter."...

CVSS 5, AI score 6.5, EPSS 0.09618
Exploits 1, References 6
Debian CVE
added 2007/09/14 6:0 p.m., 16 views

CVE-2007-4894

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the posttype parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters...

CVSS 7.5, AI score 7.2, EPSS 0.03637
Exploits 0
FreeBSD
added 2007/09/10 12:0 a.m., 22 views

wordpress -- remote sql injection vulnerability

Alexander Concha reports: While testing WordPress, it has been discovered a SQL Injection vulnerability that allows an attacker to retrieve remotely any user credentials from a vulnerable site, this bug is caused because of early database escaping and the lack of validation in query string like...

CVSS 7.5, AI score 6.7, EPSS 0.03637
Exploits 0, References 1
Cvelist
added 2007/07/31 10:0 a.m., 13 views

CVE-2007-4104

Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string...

AI score 5.5, EPSS 0.05052
Exploits 1, References 8
securityvulns
added 2007/07/31 12:0 a.m., 41 views

Dora Emlak Script v1.0 (tr) Admin Login ByPass

Dora Emlak Script v1.0 (tr) Admin Login ByPass ilker kandemir ilkerkandemiratmynet.com Download: http://aspindir.com/goster/5027 TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug in ../dora/administartor/yonetim/patron/default.asp cookFirstLevel = Session("FirstLevelSecurity") 'First Security Session...

AI score 0.6
Exploits 0
securityvulns
added 2007/06/12 12:0 a.m., 190 views

PHP parse_str() arbitrary variable overwrite

Title: PHP parse_str() arbitrary variable overwrite Vendor: http://www.php.net/ Advisory: http://www.acid-root.new.fr/advisories/14070612.txt Author: DarkFig gmdarkfig at gmail dot com Written on: 2007/06/12 Released on: 2007/06/12 Risk level: Medium / High I.BACKGROUND Quote from php.net PHP is a...

Exploits 0
Cvelist
added 2007/06/06 10:0 a.m., 14 views

CVE-2007-3087

Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information...

AI score 6.2, EPSS 0.01145
Exploits 0, References 4
Cvelist
added 2007/05/11 5:0 p.m., 43 views

CVE-2007-2627

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622...

AI score 5.3, EPSS 0.02327
Exploits 0, References 3
NVD
added 2007/03/07 8:19 p.m., 22 views

CVE-2006-7149

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from modlogin.php; and the (2) mcname parameter to (b) moscomment.php and (c) comcomment.ph...

CVSS 4.3, AI score 5.8, EPSS 0.01107
Exploits 1, References 5
Cvelist
added 2007/03/07 8:0 p.m., 20 views

CVE-2006-7149

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from modlogin.php; and the (2) mcname parameter to (b) moscomment.php and (c) comcomment.ph...

AI score 5.8, EPSS 0.01107
Exploits 1, References 5
ATTACKERKB
added 2007/03/02 9:18 p.m., 3 views

CVE-2007-1177

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS)...

CVSS 5.8, AI score 5.2, EPSS 0.01107
Exploits 0, References 9