21 matches found
EUVD-2007-0947
Malware in sbrugna...
EUVD-2023-57371
Malicious code in bioql PyPI...
All Vulnerabilities for koha.jgu.edu.in Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence.

Affected Website: | koha.jgu.edu.in
---|---
Open Bug Bounty...
kaahe.org XSS vulnerability
Open Bug Bounty ID: OBB-607398

Description | Value
---|---
Affected Website: | kaahe.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
stcharlesborromeo.com XSS vulnerability
Open Bug Bounty ID: OBB-604252

Description | Value
---|---
Affected Website: | stcharlesborromeo.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
sentrynet.us XSS vulnerability
Vulnerable URL: http://www.sentrynet.us/services/search.pl

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 31.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 20913791
VIP website status: | No
Check sentrynet.us SSL connection: | Grade...
andrewjmartinez.com XSS vulnerability
Vulnerable URL: http://www.andrewjmartinez.com/search.pl?keyword=1%3Cimg%20src=x%20onerror=confirm%22OPENBUGBOUNTY%22%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 9291224
VIP... |
cgi.algonet.se XSS vulnerability
Vulnerable URL: http://cgi.algonet.se/htbin/cgiwrap/dennisgr/search.pl

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google Pagerank | 0
VIP website status... |
radio.ru XSS vulnerability
Open Bug Bounty ID: OBB-59347

Description | Value
---|---
Affected Website: | radio.ru
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...
Unfixed XSS vulnerability at www.forcedexposure.com
Security researcher jjbutler88 submitted, on 14/05/2009, a cross-site scripting (XSS) vulnerability affecting www.forcedexposure.com, which at the time of submission ranked 426545 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/10/2010. It ...
Unfixed XSS vulnerability at www.itreviews.co.uk
Security researcher tenest submitted, on 28/09/2008, a cross-site scripting (XSS) vulnerability affecting www.itreviews.co.uk, which at the time of submission ranked 31793 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/09/2008. It is...
CVE-2008-0257
The CVE-2008-0257 entry describes a Cross-site scripting (XSS) vulnerability in Dansie Search Engine 2.7, specifically in search.pl, exploitable via the keywords parameter. This allows remote attackers to inject arbitrary web script or HTML. The public records provided do not specify affected ver...
Unfixed XSS vulnerability at www.alwayson.com
Security researcher holisticinfosec submitted, on 14/01/2008, a cross-site scripting (XSS) vulnerability affecting www.alwayson.com, which at the time of submission ranked 1542936 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 14/01/2008. It ...
Unfixed XSS vulnerability at www.b1.ru
Security researcher zuppergazi submitted, on 06/03/2007, a cross-site scripting (XSS) vulnerability affecting www.b1.ru, which at the time of submission ranked 3809358 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2007. It is currently...
CVE-2006-3155
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) user parameter in (d) userask.pl or (e) leavefeed.pl...
CVE-2006-3155
This CVE (CVE-2006-3155) affects Ultimate Auction 1.0 and earlier. The vulnerability consists of multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via user-controlled input parameters in several scripts: (1) item parameter in emailtofrien...
CVE-2004-2656
CVE-2004-2656 refers to multiple cross-site scripting (XSS) vulnerabilities in the Slashdot Like Automated Storytelling Homepage (Slash) a.k.a. Slashcode, fixed in R_2_5_0_41. The flaws allow remote attackers to inject arbitrary web script or HTML via the topic parameter in search.pl and the filt...
CVE-2002-1036
CVE-2002-1036 describes a cross-site scripting vulnerability in the Fluid Dynamics Search Engine (FDSE), specifically in search.pl. The issue allows remote attackers to inject and execute web script via the Rank or Match parameters on FDSE versions prior to 2.0.0.0055. The only details available ...
ROADS search.pl form Parameter Traversal Arbitrary File Access
The 'search.pl' CGI from ROADS is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the HTTP daemon.
CVE-2000-1176
CVE-2000-1176 describes a directory-traversal vulnerability in YaBB’s search.pl CGI script, permitting remote attackers to read arbitrary files by abusing a .. (dot dot) input in the catsearch form field. The issue is documented for YaBB SE configurations, including references to older plugins th...