20 matches found
CVE-2026-42224 ipl/web is vulnerable to reflected XSS by malformed search requests
ipl/web is a set of common web components for PHP projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious JavaScript into a victim's browser and run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...
ipl/web is vulnerable to reflected XSS by malformed search requests
Impact: The vulnerability allows an attacker to inject malicious JavaScript into a victim's browser and run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches: Version 0.13.1 includes a fix for...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via malformed search requests. An attacker can execute arbitrary JavaScript in the context of the application by tricking a victim into visiting a specially crafted website. Workaround: This vulnerability can be...
CVE-2020-12070
The Advanced Woo Search plugin, versions through 1.99, for WordPress suffers from a sensitive information disclosure vulnerability in every AJAX search request via the sql field passed to includes/class-aws-search.php...
EUVD-2012-3529
Malware in sbrugna...
OpenLDAP Integer Underflow (CVE-2020-36228)
A denial-of-service vulnerability exists in the slapd daemon of OpenLDAP. The vulnerability is due to improper input validation of controls in LDAP search requests. A remote attacker can exploit this vulnerability by sending a crafted query to the target OpenLDAP server...
CVE-2022-27863
Sensitive Information Exposure in the E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to obtain booking data by guessing or brute-forcing easily predictable booking IDs via search POST requests...
Denial Of Service (DoS)
389-ds-base is vulnerable to denial of service. The vulnerability exists due to a double-free in the way 389-ds-base handles the virtual attributes context in persistent searches, which allows an attacker to crash the system by sending a series of search requests...
CVE-2021-4091
A double-free was found in the way 389-ds-base handles the virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly and crash...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1440)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2018-1439)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : 389-ds-base (EulerOS-SA-2018-1440)
According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allow denial of service (CVE-2018-14648). Note that Tenable Netwo...
389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service
It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service...
Ubuntu Update for openldap vulnerabilities USN-551-1
OpenVAS Vulnerability Test: Ubuntu Update for openldap vulnerabilities USN-551-1. Authors: System Generated Check. Copyright (c) 2009 Greenbone Networks GmbH, ...
Apache Roller q Parameter XSS
The remote host is running Apache Roller, a multi-user blog server written in Java. The version of Apache Roller installed on the remote host fails to sanitize user input to the 'q' parameter of search requests before including it in dynamic HTML output. An attacker may be able to leverage this...
CVE-2008-2930
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem...
CVE-2008-3283
CVE-2008-3283 affects Red Hat Directory Server 7.1 (before SP7), Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier. The vulnerability is due to memory leaks that can be exploited remotely to cause a denial of service via the authentication/bind phase and via anonymous LDAP...
Server: multiple memory leaks
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication/bind phase and (2) anonymous LDAP search...
Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests
Overview: Verity's Ultraseek application contains a cross-site scripting vulnerability in the processing of search requests. Description: Verity Ultraseek is a web site search engine application. Ultraseek contains a cross-site scripting vulnerability in the processing of search requests. More...
FirstClass DoS
A flood of /Search requests causes the server to fail...