18 matches found
EUVD-2014-9256
Malware in sbrugna...
EUVD-2014-9255
Malware in sbrugna...
CVE-2014-9434
Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...
CVE-2014-9435
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the 1 sectionID parameter to admin/managersection.php, 2 userID parameter to admin/edituser.php, 3 username parameter to admin/admin.php, or 4 title parameter to...
Multiple SQL Injection Vulnerabilities in Absolut Engine
Absolut Engine is a press release system. Absolut Engine has multiple SQL injection vulnerabilities. Due to the program failing to adequately filter user-supplied input. An attacker could exploit the vulnerabilities to compromise the application and access or modify data...
Absolut Engine Cross-Site Scripting Vulnerability
Absolut Engine is a press release system. A cross-site scripting vulnerability exists in Absolut Engine. Due to the program failing to adequately filter user-supplied input. An attacker could exploit the vulnerability to steal cookie-based authentication credentials...
CVE-2014-9435
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the 1 sectionID parameter to admin/managersection.php, 2 userID parameter to admin/edituser.php, 3 username parameter to admin/admin.php, or 4 title parameter to...
CVE-2014-9434
Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...
Sql injection
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the 1 sectionID parameter to admin/managersection.php, 2 userID parameter to admin/edituser.php, 3 username parameter to admin/admin.php, or 4 title parameter to...
CVE-2014-9435
CVE-2014-9435 has concrete details in connected documents: Absolut Engine 1.73 contains multiple SQL injection vulnerabilities allowing remote authenticated users to execute arbitrary SQL via (1) sectionID in admin/managersection.php, (2) userID in admin/edituser.php, (3) username in admin/admin....
CVE-2014-9435
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the 1 sectionID parameter to admin/managersection.php, 2 userID parameter to admin/edituser.php, 3 username parameter to admin/admin.php, or 4 title parameter to...
CVE-2014-9434
Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...
CVE-2014-9434
CVE-2014-9434 describes a cross-site scripting (XSS) vulnerability in the Absolut Engine 1.73 administrative backend, specifically in the file path admin/managerrelated.php. The issue allows remote authenticated users to inject arbitrary web script or HTML through the title parameter. The connect...
Absolut Engine 1.73 - Multiple Vulnerabilities
CMS Absolute Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities. Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL:...
Absolut Engine 1.73 - Multiple Vulnerabilities
Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Advisory ID: SROEADV-2014-08 Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL: http://www.absolutengine.com/ Vendor Status: solved CVE-ID: - ========================== Vulnerability...
Absolut Engine 1.73 - Multiple Vulnerabilities
Absolut Engine 1.73 - Multiple Vulnerabilities Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Advisory ID: SROEADV-2014-08 Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL: http://www.absolutengine.com/ Vendor Status: solved...
Absolut Engine 1.73 Cross Site Scripting / SQL Injection
Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS Advisory ID: SROEADV-2014-08 Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL: http://www.absolutengine.com/ Vendor Status: solved CVE-ID: - ========================== Vulnerability...