Searching resulting software vulnerabilities

AdLibrary.pm in AdCycle 0.78b allows remote att

AdLibrarypm | privileges | attackers | malformed | AdCycle | allows | remote | 078b | gain | via |

AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.


Cross-site scripting (XSS) vulnerability in Vis

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.


PHP, when installed with Apache and configured

configured | resulting | attackers | installed | pathname | indexphp | reveals | message | OPTIONS | default | method | server | obtain | Apache | search | allows | remote | which | error | HTTP | full | page | PHP | web | via |

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.


emumail.cgi in EMU Webmail 5.0 allows remote at

containing | expression | emumailcgi | determine | generates | malformed | resulting | attackers | includes | matching | pathname | message | Webmail | regular | allows | remote | string | script | error | which | full | EMU | via |

emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.


ImageFolio 2.23 through 2.27 allows remote atta

ImageFolio |

ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message.


Musicqueue 1.2.0 allows local users to overwrit

Musicqueue |

Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.


Cross-site scripting (XSS) vulnerability in SCI

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.


Cross-site scripting (XSS) vulnerability in Res

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.


Cross-site scripting (XSS) vulnerability in Che

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.


BadBlue 2.4 allows remote attackers to obtain t

installation | phptestphp | attackers | resulting | location | includes | pathname | request | BadBlue | remote | allows | obtain | source | server | which | HTML | path | via |

BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.


MercuryBoard 1.1.1 allows remote attackers to g

MercuryBoard |

MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message.


CRLF injection vulnerability in search.php in P

vulnerability | Splitting | attackers | resulting | parameter | searchphp | injection | Location | Response | included | attacks | perform | allows | header | Phorum | remote | which | 5014a | HTTP | CRLF | body | via |

CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.


Golden FTP Server Pro allows 2.52 allows remote

Server | allows | Golden | Pro | FTP |

Golden FTP Server Pro allows 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.


Cross-site scripting (XSS) vulnerability in Ori

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.


Cross-site scripting (XSS) vulnerability in Com

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.


Google Mini Search Appliance, and possibly Goog

arbitrary | attackers | comparing | resulting | determine | Appliance | messages | possibly | modified | targets | Google | allows | closed | Search | remote | error | ports | hosts | port | open | Mini | then | URLs | scan | via |

Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.


property.php in Widget Property 1.1.19 allows r

propertyphp | Property | Widget |

property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message.


eFiction 1.0, 1.1, and 2.0 allows remote attack

storyblockphp | information | arguments | sensitive | resulting | attackers | eFiction | pathname | message | without | request | allows | remote | direct | obtain | error | which | leaks | full | via | PHP |

eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message.


Software vulnerabilities results 1 to 20 of 110     
Page: 123456