5 matches found
DEBIAN-CVE-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...
PT-2014-7131 · Rejetto · Rejetto Http File Server
Name of the Vulnerable Software and Affected Versions: Rejetto HTTP File Server versions 2.3x prior to 2.3c Description: The issue allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. This is due to a problem in the findMacroMarker function in parserLib.pas...
Reflected cross-site scripting (XSS) in dosearchsite action
The dosearchsite action is vulnerable to reflected cross-site scripting XSS via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318 and fixes implemented in response to that issue may fix this vulnerability. If the URL below is visited by an...
CVE-2006-6845
CVE-2006-6845 : CMS Made Simple 1.0.2 has a Cross-site scripting (XSS) vulnerability in index.php via the cntnt01searchinput parameter in a Search action, allowing remote attackers to inject arbitrary web script or HTML. The provided documents do not include remediation steps or fixed versions.
CVE-2006-1806
Cross-site scripting XSS vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action...