Searching search software vulnerabilities

The Disney Go Express Search allows remote atta

information | connecting | attackers | Express | system | user's | server | modify | Disney | allows | Search | access | remote | users | HTTP |

The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.


Default configuration of the search engine in N

configuration | Enterprise | Netscape | Default | Server | search | engine |

Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.


Cross-site scripting vulnerability in Novell We

vulnerability | Cross-site | scripting | Search | Novell | Web |

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.


Centrinity FirstClass 7.1 allows remote attacke

information | checkboxes | Centrinity | FirstClass | sensitive | appending | directory | attackers | checking | searched | leaving | option | access | return | remote | allows | search | blank | which | files | field | text | end | URL | all |

Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.


The search module in Php-Nuke allows remote att

information | attackers | sensitive | Php-Nuke | remote | module | search | allows | gain | via |

The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.


Cross-site scripting (XSS) vulnerability in Kry

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field.


Cross-site scripting (XSS) vulnerability in ind

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.


Google Mini Search Appliance, and possibly Goog

arbitrary | attackers | comparing | resulting | determine | Appliance | messages | possibly | modified | targets | Google | allows | closed | Search | remote | error | ports | hosts | port | open | Mini | then | URLs | scan | via |

Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.


SQL injection vulnerability in index.php in All

vulnerability | attackers | arbitrary | injection | parameter | indexphp | commands | execute | earlier | search | AllWeb | remote | allows | SQL | via |

SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.


SQL injection vulnerability in ls.php in Landsh

vulnerability | injection | Landshop | Commerce | Estate | System | lsphp | Real | SQL |

SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters.


The search functionality in XWiki 0.9.793 index

functionality | search | XWiki |

The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.


SQL injection vulnerability in the search modul

vulnerability | injection | search | module | SQL |

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.


Cross-site scripting (XSS) vulnerability in sea

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter.


SQL injection vulnerability in ls.php in SAMEDI

vulnerability | arbitrary | attackers | parameter | injection | commands | LandShop | execute | infield | SAMEDIA | allows | remote | lsphp | SQL | via |

SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter.


Multiple SQL injection vulnerabilities in Jooml

vulnerabilities | injection | Multiple | Joomla | SQL |

Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.


buscador/buscador.htm in Portal Search allows r

buscador/buscadorhtm | information | attackers | sensitive | obtain | Search | Portal | remote | allows |

buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.


Unspecified vulnerability in search/list/action

search/list/action_search/indexphp | form[search_term] | Manipulation" | vulnerability | Unspecified | attackers | parameter | relating | unknown | "Cookie | impact | allows | remote | beta | ACP3 | have | via |

Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter.


Multiple eval injection vulnerabilities in the

vulnerabilities | com_search | component | injection | Multiple | before | Joomla | eval | beta | RC1 |

Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search.


Software vulnerabilities results 1 to 20 of 560     
Page: 12345...29