Lucene search
K

754 matches found

Cvelist
Cvelist
added 2005/08/16 4:0 a.m.19 views

CVE-2004-2325

Cross-site scripting XSS vulnerability in EditModule.aspx for DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML...

5.9AI score0.01187EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2005/06/16 12:0 a.m.36 views

DNN (DotNetNuke) < 3.0.12 Multiple XSS

The remote host is running DNN, a portal written in ASP. The remote installation of DNN, according to its version number, contains several input validation flaws leading to the execution of attacker supplied HTML and script code. %NASLMINLEVEL 70300 This script was written by Josh Zlatin-Amishav...

4.3CVSS5.7AI score0.01342EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/05/19 4:0 a.m.21 views

CVE-2005-0040

Multiple cross-site scripting XSS vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the 1 register a new user page, 2 User-Agent, or 3 Username, which is not properly quoted before sending to the error log...

5.7AI score0.01342EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2005/05/19 4:0 a.m.4 views

CVE-2005-0040

Multiple cross-site scripting XSS vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the 1 register a new user page, 2 User-Agent, or 3 Username, which is not properly quoted before sending to the error log...

4.3CVSS5.2AI score0.01342EPSS
Exploits0References8
NVD
NVD
added 2005/05/19 4:0 a.m.17 views

CVE-2005-0040

Multiple cross-site scripting XSS vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the 1 register a new user page, 2 User-Agent, or 3 Username, which is not properly quoted before sending to the error log...

4.3CVSS5.7AI score0.01342EPSS
Exploits0References6
CVE
CVE
added 2005/05/19 4:0 a.m.53 views

CVE-2005-0040

DotNetNuke (DNN) before 3.0.12 is affected by multiple XSS vulnerabilities (CVE-2005-0040) that allow remote attackers to inject script via (1) the register-a-new-user page, (2) the User-Agent header, and (3) the Username field, due to improper quoting before logging. Affected versions are

4.3CVSS5.8AI score0.01342EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2005/05/17 12:0 a.m.31 views

DotNetNuke &#40;Multiple XSS&#41;

Security Advisory ----------------- Advisory Name: Multiple DotNetNuke Cross Site Scripting XSS Vulnerabilities Release Date: 16/05/2005 Application: DotNetNuke Multiple versions affected Platform: Microsoft Windows Versions Affected: Versions below 3.0.12 Severity: Allows unauthenticated cross...

4.3CVSS0.9AI score0.01342EPSS
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.13 views

CVE-2004-2325

Cross-site scripting XSS vulnerability in EditModule.aspx for DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML...

4.3CVSS5.9AI score0.01187EPSS
Exploits0References5
NVD
NVD
added 2004/12/31 5:0 a.m.24 views

CVE-2004-2323

DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...

5CVSS7.1AI score0.014EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2004/12/31 5:0 a.m.6 views

CVE-2004-2324

SQL injection vulnerability in DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the 1 table and 2 field parameters in LinkClick.aspx...

7.5CVSS5.7AI score0.01221EPSS
Exploits0References6
NVD
NVD
added 2004/12/31 5:0 a.m.17 views

CVE-2004-2324

SQL injection vulnerability in DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the 1 table and 2 field parameters in LinkClick.aspx...

7.5CVSS7.6AI score0.01221EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2004/12/31 5:0 a.m.3 views

CVE-2004-2325

Cross-site scripting XSS vulnerability in EditModule.aspx for DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML...

4.3CVSS5.4AI score0.01187EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2004/12/31 5:0 a.m.3 views

CVE-2004-2323

DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...

5CVSS5.7AI score0.014EPSS
Exploits0References6
securityvulns
securityvulns
added 2004/02/09 12:0 a.m.40 views

Dotnetnuke Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------ DOTNETNUKE MULTIPLE VULNBERABILITIES - - ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/?429 1 Source Code & File Access; Severity : Highly...

6.3AI score
Exploits0
Rows per page
Query Builder