629 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library GDL 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action...
WordPress Plugin AJAX Post Search 'the_search_function' SQL Injection Vulnerability
WordPress is a content management system developed using the PHP language. WordPress plugin AJAX Post Search 'the_search_function' suffers from a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the 'thesearchtext' parameter...
Typo3 JobControl 2.14.0 - Cross Site Scripting / SQL Injection
No description provided by source. Mogwai Security Advisory MSA-2014-02 ---------------------------------------------------------------------- Title: JobControl dmmjobcontrol Multiple Vulnerabilities Product: dmmjobcontrol Typo3 Extension Affected versions: 2.14.0 Impact: high Remote: yes Product...
CVE-2014-7201
Multiple SQL injection vulnerabilities in the search function in pi1/class.txdmmjobcontrolpi1.php in the JobControl dmmjobcontrol extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by t...
Privilege escalation
The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function...
CVE-2014-4757
The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function...
CVE-2014-4757
CVE-2014-4757 affects the Outlook Extension in IBM Content Collector (version 4.0.0.x) prior to 4.0.0.0-ICC-OE-IF004. The issue lets local users bypass the Reviewer privilege and read e-mail messages from an arbitrary mailbox by invoking the Search function. The NVD entry lists a low severity (CV...
myprivatetutor.my XSS vulnerability
Open Bug Bounty ID: OBB-47167

| Description | Value |
|---|---|
| Affected Website: | myprivatetutor.my |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) |
| Remediation Guide: | OWASP XSS Prevention Cheat... |
TWiki Search Function Arbitrary Command Execution
No description provided by source. $Id: twikisearch.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
PHPNuke Splatt Forum 4.0 Module Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7483/info Splatt Forum is a public message board plugin designed to be used with PHPNuke. It has been reported that Splatt Forum does not sufficiently filter user supplied URI parameters for the Splatt Forum 'Search'...
CMScout (XSS/HTML Injection) Multiple Vulnerabilities
No description provided by source. ======================================================================= CMScout XSS/HTML Injection Multiple Vulnerabilities =======================================================================...
Google Toolbar 1.1.60 Search Function Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5477/info Reportedly, when the Google Toolbar receives a search query it may cause Microsoft Internet Explorer to crash. When a user views a malicious web page it will cause the Google Toolbar to throw an exception in...
Facebook Privacy Feature Gone for Good
Late last year the world’s largest social network announced that it would begin removing a popular privacy feature that let users regulate whether other users could search for and locate their profiles with the Facebook search function. At the time of its initial announcement, the social networki...
IBM WebSphere Commerce Denial of Service Vulnerability (CVE-2013-2992)
BUGTRAQ ID: 62093 CVE(CAN) ID: CVE-2013-2992 IBM WebSphere Commerce is an industry-leading next-generation e-commerce solution. IBM WebSphere Commerce 7.0 contains a denial-of-service vulnerability in the implementation of the "search" function: depending on how search term associations are configured, a remote attacker can exploit it with a specially crafted query to cause a service outage. 0 IBM WebSphere Commerce Enterprise 7.x IBM WebSphere Commerce 7.x Vendor patch: IBM --- IBM has released a security advisory (21648644) and corresponding patches for this issue:...
CodeBlocks 12.11 (OSX) - Crash (PoC)
Exploit Title: CodeBlocks 12.11 Mac OS X Crash POC Date: 27-05-2013 Exploit Author: ariarat Vendor Homepage: http://www.codeblocks.org Software Link: http://sourceforge.net/projects/codeblocks/files/Binaries/12.11/MacOS/codeblocks-12.11-mac.dmg Version: 12.11 Tested on: Mac OS X 10.7.5...
PayPal.com Cross Site Scripting
Hello all! I'm Robert Kugler, a 17-year-old German student who's interested in securing computer systems. I would like to warn you that PayPal.com is vulnerable to a Cross-Site Scripting vulnerability! PayPal Inc. is running a bug bounty program for professional security researchers...
CVE-2013-0786
The Bugzilla::Search::buildsubselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...
Design/Logic Flaw
The Bugzilla::Search::buildsubselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...