Lucene search
K

23 matches found

NVD
NVD
added 2026/01/29 3:16 p.m.7 views

CVE-2020-37010

BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search...

9.8CVSS0.00436EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.2 views

CVE-2020-37010

BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search...

9.8CVSS6.3AI score0.00436EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/01/29 2:28 p.m.7 views

CVE-2020-37010

CVE-2020-37010 affects BearShare Lite 5.2.5. The issue is a buffer overflow in the Advanced Search keywords input that can allow arbitrary code execution by crafting a payload to overwrite the EIP and run shellcode when content is pasted into the search keywords field. Documented impact is high (...

9.8CVSS6.3AI score0.00436EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/29 2:28 p.m.6 views

EUVD-2020-30905

BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search...

9.8CVSS6.3AI score0.00436EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-4933

Malware in sbrugna...

6.8CVSS6.4AI score0.01251EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.21 views

WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting PoC Against any authenticated user: https://example.com/event-dashboard/?searchkeywords=aaaa"...

6.1CVSS6.1AI score0.00712EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2021/02/26 7:45 p.m.13 views

CVE-2021-21302 CSV Injection via csv export

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2...

6.8CVSS7.3AI score0.01374EPSS
Exploits0References3
OSV
OSV
added 2019/05/14 3:29 p.m.2 views

CVE-2019-8390

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter...

6.1CVSS6.3AI score0.08864EPSS
Exploits5References4
Exploit DB
Exploit DB
added 2019/02/18 12:0 a.m.76 views

qdPM 9.1 - &#039;search[keywords]&#039; Cross-Site Scripting

=========================================================================================== Exploit Title: qdPM 9.1 - 'searchkeywords' XSS Injection CVE: CVE-2019-8390 Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

6.1CVSS6.5AI score0.08864EPSS
Exploits5
NVD
NVD
added 2018/12/28 4:29 p.m.23 views

CVE-2018-20572

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893...

9.8CVSS9.9AI score0.01537EPSS
Exploits1References1
NVD
NVD
added 2018/07/23 8:29 a.m.11 views

CVE-2018-14515

A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter...

9.8CVSS9.8AI score0.02002EPSS
Exploits1References1
CVE
CVE
added 2018/07/23 8:0 a.m.46 views

CVE-2018-14515

CVE-2018-14515 affects WUZHI CMS 4.1.0 and enables a remote SQL injection through the parameter in the URL index.php?m=promote&f=index&v=search keywords. Public reports describe an injection vector in the search keywords field, allowing attacker-controlled SQL statements. NVD lists CVSSv2 base sc...

9.8CVSS9.7AI score0.02002EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2012/01/25 4:3 a.m.13 views

CVE-2011-4865

The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...

5.8CVSS6.6AI score0.01054EPSS
Exploits1References1
Prion
Prion
added 2012/01/25 4:3 a.m.12 views

Code injection

The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...

5.8CVSS7.1AI score0.01054EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2012/01/25 2:0 a.m.24 views

CVE-2011-4865

The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...

6.6AI score0.01054EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2011/11/01 10:55 p.m.1 views

CVE-2010-4973

Cross-site scripting XSS vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the fsearchkeywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3CVSS5.7AI score0.00855EPSS
Exploits0References2
myhack58
myhack58
added 2011/09/08 12:0 a.m.17 views

aspcms Station system injection 0day-vulnerability warning-the black bar safety net

aspcms development of the new core open source enterprise built Station system, capable of enterprise a variety of site requirements, and Support template customization, support, extensions, etc., can be completed in a short time the enterprise built Station. Vulnerability file:/plug/productbuy...

0.4AI score
Exploits0
myhack58
myhack58
added 2011/08/15 12:0 a.m.25 views

aspcms corporate website system 0day(2.0 or above through the kill)and fix-vulnerability warning-the black bar safety net

aspcms development of the new core open source enterprise built Station system, capable of enterprise a variety of site requirements, and support template customization, support, extensions, etc., can be completed in a short time the enterprise built Station. The vulnerability appears in the...

1.3AI score
Exploits0
Packet Storm
Packet Storm
added 2010/01/20 12:0 a.m.27 views

WordPress statspressCN 1.9.0 Stored Cross Site Scripting

Exploit Title: Wordpress statspressCN search Keywords stored XSS Date: 21-1-2010 Author: Saif El-Sherei Software Link: http://downloads.wordpress.org/plugin/statpresscn.1.9.0.zip Version: wordpress3.0.4, StatsCN1.9.0 Tested on: Firefox 3.0.15, , IE 8 Info: This plugin shows you real time statisti...

7.4AI score
Exploits0
NVD
NVD
added 2006/09/23 1:7 a.m.18 views

CVE-2006-4947

Cross-site scripting XSS vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."...

6.8CVSS5.7AI score0.01251EPSS
Exploits0References5
Rows per page
Query Builder