RSS   Vulnerabilities for 'Mini search appliance'   RSS

2014-05-08
 
CVE-2014-0362

CWE-79
 

 
Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element.

 
2007-10-06
 
CVE-2007-5255

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI.

 
2006-12-01
 
CVE-2006-6223

 

 
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.

 
2006-09-27
 
CVE-2006-5019

CWE-Other
 

 
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.

 
2005-11-22
 
CVE-2005-3758

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

 
 
CVE-2005-3757

CWE-Other
 

 
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

 
 
CVE-2005-3756

CWE-Other
 

 
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.

 
 
CVE-2005-3755

CWE-Other
 

 
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.

 
 
CVE-2005-3754

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.

 

 >>> Vendor: Google 67 Products
Toolbar
TALK
Mini search appliance
Search appliance
Api search
Earth
Desktop
Web toolkit
Custom search engine
Picasa
KML
Android sdk
Google apps
Chrome
Gears
Android
V8
Google sketchup
Chrome os
App engine python sdk
Idapython
Cr-48 chromebook
Chr2000ome
Sketchup
Chrome2000
Chrom2000e
Bionic
Tunnelblick
Admob
Checkout-php
Cityhash
Android sdk tools
Chrome frame
Frame
Google authenticator
Authenticator
Glass
Android api
Search appliance software
Android debug bridge
Android sdk platform tools
Android browser
Nexus 7
Calendar events
Email
Play services sdk
Kubernetes
Android one
Sfntly
GRPC
Google i/o 2017
News and weather
Protobuf
Gmail
Boringssl
Santa
Chromecast firmware
Home firmware
Mod pagespeed
Rendertron
Cardboard
Kubernetes engine
Guava
Tensorflow
Snappy
Nexus 7 firmware
Nexus 9 firmware


Copyright 2019, cxsecurity.com

 

Back to Top