Search Engine
by Altavista
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1036 | 0.04 | — | 0.07 | Oct 4, 2002 | Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters. | |||
| CVE-2009-3153 | 0.03 | — | 0.00 | Sep 10, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3)… | |||
| CVE-2000-0039 | 0.03 | — | 0.04 | Dec 29, 1999 | AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. | |||
| CVE-2007-3486 | 0.00 | — | 0.00 | Jun 28, 2007 | Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI. | |||
| CVE-2005-4284 | 0.00 | — | 0.01 | Dec 16, 2005 | Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the… | |||
| CVE-2005-3866 | 0.00 | — | 0.01 | Nov 29, 2005 | Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search. | |||
| CVE-2002-0537 | 0.00 | — | 0.02 | Jul 3, 2002 | The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS. |
- CVE-2002-1036Oct 4, 2002risk 0.04cvss —epss 0.07
Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters.
- CVE-2009-3153Sep 10, 2009risk 0.03cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3)…
- CVE-2000-0039Dec 29, 1999risk 0.03cvss —epss 0.04
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.
- CVE-2007-3486Jun 28, 2007risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI.
- CVE-2005-4284Dec 16, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the…
- CVE-2005-3866Nov 29, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.
- CVE-2002-0537Jul 3, 2002risk 0.00cvss —epss 0.02
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.