754 matches found
CVE-2004-2325
Cross-site scripting XSS vulnerability in EditModule.aspx for DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML...
DNN (DotNetNuke) < 3.0.12 Multiple XSS
The remote host is running DNN, a portal written in ASP. The remote installation of DNN, according to its version number, contains several input validation flaws leading to the execution of attacker supplied HTML and script code. %NASLMINLEVEL 70300 This script was written by Josh Zlatin-Amishav...
CVE-2005-0040
Multiple cross-site scripting XSS vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the 1 register a new user page, 2 User-Agent, or 3 Username, which is not properly quoted before sending to the error log...
CVE-2005-0040
Multiple cross-site scripting XSS vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the 1 register a new user page, 2 User-Agent, or 3 Username, which is not properly quoted before sending to the error log...
CVE-2005-0040
Multiple cross-site scripting XSS vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the 1 register a new user page, 2 User-Agent, or 3 Username, which is not properly quoted before sending to the error log...
CVE-2005-0040
DotNetNuke (DNN) before 3.0.12 is affected by multiple XSS vulnerabilities (CVE-2005-0040) that allow remote attackers to inject script via (1) the register-a-new-user page, (2) the User-Agent header, and (3) the Username field, due to improper quoting before logging. Affected versions are
DotNetNuke (Multiple XSS)
Security Advisory ----------------- Advisory Name: Multiple DotNetNuke Cross Site Scripting XSS Vulnerabilities Release Date: 16/05/2005 Application: DotNetNuke Multiple versions affected Platform: Microsoft Windows Versions Affected: Versions below 3.0.12 Severity: Allows unauthenticated cross...
CVE-2004-2325
Cross-site scripting XSS vulnerability in EditModule.aspx for DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML...
CVE-2004-2323
DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...
CVE-2004-2324
SQL injection vulnerability in DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the 1 table and 2 field parameters in LinkClick.aspx...
CVE-2004-2324
SQL injection vulnerability in DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the 1 table and 2 field parameters in LinkClick.aspx...
CVE-2004-2325
Cross-site scripting XSS vulnerability in EditModule.aspx for DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML...
CVE-2004-2323
DotNetNuke formerly IBuySpy Workshop 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...
Dotnetnuke Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------ DOTNETNUKE MULTIPLE VULNBERABILITIES - - ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/?429 1 Source Code & File Access; Severity : Highly...