13 matches found
RiSearch 0.99 /RiSearch Pro 3.2.6 show.pl Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. A...
RiSearch 0.99 /RiSearch Pro 3.2.6 show.pl Open Proxy Relay
No description provided by source. source: http://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. A...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RiSearch PHP: crossite scripting...
Cross-Site Scripting vulnerability in RiSearch PHP
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в RiSearch PHP это локальный поисковый движок. XSS: http://site/search/searchru.php?query=223E3Cscript3Ealertdocument.cookie3C/script3E Уязвимы старые версии движка. Последняя версия движка уже неуязвима...
Cross-Site Scripting vulnerability in RiSearch
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в RiSearch это локальный поисковый движок. XSS: http://site/search.pl?query=3Cscript3Ealertdocument.cookie3C/script3E Уязвима версия RiSearch 0.99.02 и все предыдущие, а также потенциально последующие версии...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RiSearch: crossite scripting...
RiSearch和RiSearchPro多个安全漏洞 Exploit
No description provided by source. Phil Robinson、Gerald Gallagher和Kendric Tang提供了如下测试方法: http://10.0.0.0/cgi-bin/search/show.pl?url=http://www.google.com http://10.0.0.0/cgi-bin/search/show.pl?url=http://192.168.0.1 http://10.0.0.0/cgi-bin/search/show.pl?url=http://localhost:8080...
RiSearch Arbitrary File Access Vulnerability - Active Check
RiSearch is prone to a flaw that may lead to an unauthorized information disclosure. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2004-2061
RiSearch shows a vulnerability in the show.pl CGI script that allows an attacker to use the remote host as an open proxy and to read arbitrary local files by passing a url parameter with http://, ftp://, or file://. Affected software/versions include RiSearch 1.0.01 and RiSearch Pro 3.2.06. The u...
RiSearch show.pl Arbitrary File Access
The remote host appears to be running RiSearch, a local search engine. This version contains an information disclosure vulnerability. Passing a local file URI to 'show.pl' reveals that file's contents. A remote attacker could use this information to read arbitrary files from the system, which cou...
RiSearch show.pl Open Proxy Relay
The remote host seems to be running RiSearch, a local search engine. There is a flaw in the CGI 'show.pl' which is bundled with this software that could allow an attacker to use the remote host as an open proxy by doing a request like :...
IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 009 RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities Vulnerablity Type / Importance: Network Subversion, Open Proxy, Brute-For...
CVE-2004-2061
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a 1 http://, 2 ftp://, or 3 file:// URL...