CVE-2018-19828
Artica Integria IMS 5.0.83 has XSS via the `search_string` parameter...
CVE-2018-3757
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter...
CVE-2018-5715
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string aka a $key variable...
Puppet Enterprise console cross-site scripting vulnerability
Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is an enterprise version. console is one of the console tools. ...
CVE-2017-16562
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the `up_auto_log` parameter in the QUERY_STRING to the default URI...
SQL injection vulnerability in after_str parameter on JYmusic SongsController.class.php page
JYmusic is an open source cross-platform music management system. A SQL injection vulnerability exists in the `after_str` parameter on the JYmusic SongsController.class.php page. A remote attacker can exploit the vulnerability to obtain sensitive database information...
Open redirect
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter...
CVE-2015-6501
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter...
PT-2017-7029
Name of the Vulnerable Software and Affected Versions: Puppet Enterprise versions prior to 2015.2.1. Description: The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. This can be exploited to trick users into revealing...
Informatica: [kb.informatica.com] DOM based XSS in the bindBreadCrumb function
The bindBreadCrumb function, which is called after the document is loaded (`$(document).ready(function () { bindBreadCrumb(); });`), has the following insecure link assignments, which use non-encoded URL values: `strChild = "Search Results"; strChild = "Search Results"; strChild = "Search...`
Null pointer dereference
The `v9fs_iov_vunmarshal` function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation...
D-link IP camera DCS-2103 with firmware cross-site scripting vulnerability
D-link IP camera DCS-2103 is a camera for IP surveillance solutions. A cross-site scripting vulnerability exists in D-link IP camera DCS-2103 with firmware versions prior to 1.20, which allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING parameter in vb.htm...
Parallels Plesk 8.2 URL Redirection
Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability 1. OVERVIEW The Plesk versions from 7.0 to 8.2 are vulnerable to Open URL Redirection when "Enable [email protected]" access format, a new feature introduced in Plesk 7.0, is enabled in user preferences. 2. BACKGROUND Parallels Plesk...
intval() used improperly causes a security vulnerability: analysis - vulnerability warning - the Black Bar Safety Net
author: xy780sec.com. Description: the intval function has two characteristics: it skips input until it encounters a digit or a leading plus/minus sign before starting the conversion, and it stops converting at the first non-numeric character or at the end of the string ("\0"). In certain...
CVE-2009-1553
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, ...
DEBIAN-CVE-2008-5080
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the `query_string` parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714...
PT-2008-6232 · Awstats · Awstats
Name of the Vulnerable Software and Affected Versions: AWStats versions 6.8 and earlier Description: The issue allows remote attackers to conduct cross-site scripting XSS attacks via the query string parameter, due to the incomplete removal of quote characters by awstats.pl. This problem exists...
CVE-2007-6669
Cross-site scripting XSS vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter...