SIGMA Lite & Lite + Security Vulnerabilities
Expinion.net News Manager Lite 2.5 - 'NEWS_LOGIN?admin' Cookie Authentication Bypass
...
7.4AI Score
EPSS
Expinion.net News Manager Lite 2.5 - comment_add.asp Cross-Site Scripting
Expinion.net News Manager Lite 2.5 - comment_add.asp Cross-Site...
-0.1AI Score
7.4AI Score
EPSS
Expinion.net News Manager Lite 2.5 - more.asp?ID SQL Injection
Expinion.net News Manager Lite 2.5 - more.asp?ID SQL...
0.5AI Score
The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with...
6.7AI Score
0.006EPSS
eCommerce Corporation Online Store Kit 3.0 - shop_by_brand.php?cat_manufacturer SQL Injection
eCommerce Corporation Online Store Kit 3.0 - shop_by_brand.php?cat_manufacturer SQL...
0.3AI Score
ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro) Published: 17 february 2004 Released: 17 february 2004 Name: Online Store Kit Products (Lite - Standard - Pro) Affected Systems: 3.0 Issue: Sql Injection Vulnerability....
AI Score
...
7.4AI Score
EPSS
-0.4AI Score
[Full-Disclosure] CactuSoft CactuShop 5.0 Lite shopping cart software backdoor
S-Quadra Advisory #2004-02-06 Topic: CactuSoft CactuShop 5.0 Lite shopping cart software backdoor Severity: High Vendor URL: http://www.cactushop.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040206.txt Release date: 06 Feb 2004 DESCRIPTION CactuShop is an ASP application for...
-0.1AI Score
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote)...
5.7AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote)...
5.9AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote)...
5.7AI Score
0.006EPSS
SnapStream PVS LITE Cross Site Scripting Vulnerabillity
Application: SnapStream PVS Vendor : http://www.snapstream.com Versions: LITE Platforms: Windows/Unix Bug: Cross Site Scripting Vulnerabillity Risk: Low Exploitation: Remote with browser Date: 6 Jan 2004 Author: Rafel...
0.4AI Score
7.4AI Score
EPSS
-0.3AI Score
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or...
7.3AI Score
0.006EPSS
-0.4AI Score
[Full-Disclosure] SECURITY ADVISORY
SECURITY ADVISORY IMPACT: DoS SEVERITY: High VENDOR: http://www.Wap-Serv.com CONTACT: [email protected] , +44 (0)1628 634240 PRODUCT: http://www.wap-serv.com/product.htm WapServ Lite, WapServ Pro, WapServ Enterprise DISTRIBUTION: ALREADY NOTIFIED PUBLIC DOMAIN AND VENDOR...
-0.4AI Score
ICQ Pro 2003a Password Bypass exploit (ca1-icq.asm)
Exploit for unknown platform in category local...
6.8AI Score
7.4AI Score
0.2AI Score
7.1AI Score
Software: ICQ 2003a Threat: Login password can be bypassed locally I have found a vulnerability in ICQ Pro 2003a that allows anyone to connect to ICQ server using any account registered locally regardless the 'save password' option is checked or not. High level security password is also...
0.4AI Score
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious...
7AI Score
0.0004EPSS
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious...
6.6AI Score
0.0004EPSS
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious...
6.6AI Score
0.0004EPSS
bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenger ...
1.3AI Score
During installation Interactive Users: Full Control permission is added to executables...
4.5AI Score
-0.2AI Score
Upload Lite upload.cgi Arbitrary File Upload
The Upload Lite (upload.cgi) CGI script is installed. This script has a well-known security flaw that lets anyone upload arbitrary files on the remote web server. Note that Nessus did not test whether uploads are possible, only that the script...
-0.2AI Score
Vulnerability in Upload Lite 3.22 that could allow somebody to upload/execute code on a remote host.
There is a vulnerability in Upload Lite 3.22 that could allow somebody to upload/execute code on a remote host. The exploit was tested on Windows and as far as I know it will only work on windows.. It will not work on *nix because of file permissions. Upload Lite 3.22 from...
-0.6AI Score
1.4AI Score
3.2AI Score
Security bug in CGI::Lite::escape_dangerous_chars() function
SUBJECT Security bug in CGI::Lite::escape_dangerous_chars() function, part of the CGI::Lite 2.0 package, and earlier revisions thereof. SUMMARY The CGI::Lite::escape_dangerous_chars() function fails to escape the entire set of special characters that may have...
0.3AI Score
Cyboards Remote Code Execution
Cyboards PHP Lite Vulnerability ( By Mindwarper :: [email protected] :: ) <------- -------> Vendor Information: Homepage : http://www.gold-sonata.com Vendor : informed Mailed advisory: 13/01/03 Vender Response : None yet (possibly because they have no contact page and the report was sent to...
2.2AI Score
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or...
5.8AI Score
0.002EPSS
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to...
6.8AI Score
0.012EPSS
An unknown service was found running on this port. Trojan Horses and other malware may sometimes open these ports to allow remote access to the machine. Ensure that this port is intended to be open and controlled by legitimate software installed by the...
7.1AI Score
Multiple buffer overflow vulnerabilities in QNX
Overview Multiple buffer overflow vulnerabilities have been reported in QnX. Description QnX is an RTOS (Realtime Operating System). QnX is used in many different devices and industries, including, but not limited to, * Routers * Manufacturing and Processing * Medical Equipment * Automotive and...
0.2AI Score
Web Server Directory Enumeration
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...
9.6AI Score
0.002EPSS
Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET...
8.1AI Score
0.017EPSS
Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .....
8.2AI Score
0.017EPSS
Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port...
7AI Score
0.013EPSS
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP...
6.6AI Score
0.013EPSS
Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP...
6.7AI Score
0.024EPSS
Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port...
6.6AI Score
0.013EPSS
Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP...
7AI Score
0.024EPSS
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP...
7AI Score
0.013EPSS
Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port...
6.6AI Score
0.013EPSS