31 matches found
EUVD-2008-2871
Malware in sbrugna...
EUVD-2008-2957
Malware in sbrugna...
EUVD-2008-2960
Malware in sbrugna...
EUVD-2008-2958
Malware in sbrugna...
EUVD-2008-2959
Malware in sbrugna...
Academic Web Tools CMS <= 1.4.2.8 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Academic Web Tools CMS Multiple Vulnerabilities Vendor: www.yektaweb.com Vulnerable Version: 1.4.2.8 and prior versions Exploit: Available Impact: Medium Fix: N/A Original Advisory: www.bugreport.ir/?/44 1...
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/33944/info Yektaweb Academic Web Tools CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would execute in t...
Yektaweb CMS Cross Site Scripting
================= IUT-CERT ================= Title: YEKTAWEB CMS XSS Vulnerability Vendor: www.yektaweb.com Dork: Powered by Academic Web Tools AWT - Yektaweb Collection Type: Input.Validation.Vulnerability cross-Site scripting Fix: N/A ================== nsec.ir ================= Description:...
Yektaweb Academic Web Tools CMS 1.4.2.81.5.7 - Multiple Cross-Site Scripting Vulnerabilities
Yektaweb Academic Web Tools CMS 1.4.2.81.5.7 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/33944/info Yektaweb Academic Web Tools CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input...
Academic Web Tools CMS Cross Site Scripting
============================================ IUT-CERT ============================================ Title: Academic Web Tools CMS Multiple XSS Vendor: www.yektaweb.com Vulnerable Version: 1.5.7 and priors Type: XSS Fix: N/A Dork: AWT YEKTA ============================================ nsec.ir...
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/33944/info Yektaweb Academic Web Tools CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site,...
CVE-2008-2970
Multiple session fixation vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to 1 index.php and 2 login.php in homepg/...
Sql injection
SQL injection vulnerability in rating.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the bookid parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 query string to login.php and the 2 glbsid parameter to hta/htmlarea.js.php, and allow remote authenticated...
CVE-2008-2967
Multiple cross-site scripting XSS vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 query string to login.php and the 2 glbsid parameter to hta/htmlarea.js.php, and allow remote authenticated...
Session fixation
Multiple session fixation vulnerabilities in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to 1 index.php and 2 login.php in homepg/...
CVE-2008-2969
Directory traversal vulnerability in download.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. dot dot in the dfile parameter...
Directory traversal
Directory traversal vulnerability in download.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. dot dot in the dfile parameter...
CVE-2008-2968
SQL injection vulnerability in rating.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the bookid parameter...
CVE-2008-2969
Directory traversal vulnerability in download.php in Academic Web Tools AWT YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. dot dot in the dfile parameter...