23 matches found
CVE-2020-37010
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search...
CVE-2020-37010
CVE-2020-37010 affects BearShare Lite 5.2.5. The issue is a buffer overflow in the Advanced Search keywords input that can allow arbitrary code execution by crafting a payload to overwrite the EIP and run shellcode when content is pasted into the search keywords field. Documented impact is high (...
EUVD-2020-30905
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search...
EUVD-2006-4933
Malware in sbrugna...
WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting. PoC against any authenticated user: https://example.com/event-dashboard/?searchkeywords=aaaa"...
CVE-2021-21302 CSV Injection via csv export
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2...
CVE-2019-8390
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the searchkeywords parameter...
qdPM 9.1 - 'search[keywords]' Cross-Site Scripting
Exploit Title: qdPM 9.1 - 'searchkeywords' XSS Injection; CVE: CVE-2019-8390; Date: 14-02-2019; Exploit Author: Mehmet EMIROGLU; Vendor Homepage: http://qdpm.net; Software Link:...
CVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893...
CVE-2018-14515
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter...
CVE-2018-14515
CVE-2018-14515 affects WUZHI CMS 4.1.0 and enables a remote SQL injection through the parameter in the URL index.php?m=promote&f=index&v=search keywords. Public reports describe an injection vector in the search keywords field, allowing attacker-controlled SQL statements. NVD lists CVSSv2 base sc...
CVE-2011-4865
The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...
Code injection
The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...
CVE-2010-4973
Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the fsearchkeywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
aspcms site-building system injection 0day - vulnerability warning - the black bar safety net
aspcms is an open source enterprise site-building system developed on a new core. It can meet a variety of enterprise site requirements and supports template customization, extensions, etc., so an enterprise site can be built in a short time. Vulnerability file:/plug/productbuy...
aspcms corporate website system 0day (affects all versions 2.0 and above) and fix - vulnerability warning - the black bar safety net
aspcms is an open source enterprise site-building system developed on a new core. It can meet a variety of enterprise site requirements and supports template customization, extensions, etc., so an enterprise site can be built in a short time. The vulnerability appears in the...
WordPress statspressCN 1.9.0 Stored Cross Site Scripting
Exploit Title: WordPress statspressCN search Keywords stored XSS; Date: 21-1-2010; Author: Saif El-Sherei; Software Link: http://downloads.wordpress.org/plugin/statpresscn.1.9.0.zip; Version: wordpress3.0.4, StatsCN1.9.0; Tested on: Firefox 3.0.15, IE 8; Info: This plugin shows you real time statisti...
CVE-2006-4947
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."...