EUVD-2018-21740

Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search...

CVE-2018-25238

VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to trigger an application...

CVE-2018-25244 Eco Search 1.0.2.0 Denial of Service

Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a...

CVE-2018-25243

FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation ...

CVE-2018-25240

Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the...

EUVD-2007-3403

Malware in sbrugna...

EUVD-2007-3289

Malware in sbrugna...

EUVD-2006-3378

Malware in sbrugna...

CVE-2020-8893

An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp...

CVE-2002-1931

Cross-site scripting XSS vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string...

WordPress plugin Verowa Connect 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Astrotalks SQL Injection Vulnerability

Astrotalks is a free online astrology prediction website from Astrotalks India. A SQL injection vulnerability exists in Astrotalks version 10/03/2023. An attacker can exploit the vulnerability by sending a specially crafted SQL query to the "searchString" parameter and retrieve all the informatio...

Sql injection

The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address...

CVE-2023-49954

The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address...

CVE-2023-38769

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php...

Atlas Business Directory Listing 跨站脚本漏洞

codecanyon Atlas Business Directory Listing is a system by codecanyon, Inc. A cross-site scripting vulnerability exists in Creativeitem Atlas Business Directory Listing version 2.13, which stems from a cross-site scripting XSS vulnerability in the parameter searchstring...

Atlas Business Directory Listing 2.13 Cross Site Scripting

Exploit Title: Atlas Business Directory Listing 2.13 - Reflected XSS Exploit Author: CraCkEr Date: 09/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/atlas/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site...

GHSA-GJ2J-PPJQ-9PJG Moodle Cross-site scripting (XSS) vulnerability in course management search

Cross-site scripting XSS vulnerability in the searchpagination function in course/classes/managementrenderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string...

CVE-2020-22986

Cross-Site Scripting XSS vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task...

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...