24 matches found
EUVD-2006-6077
Malware in sbrugna...
EUVD-2006-6079
Malware in sbrugna...
EUVD-2006-6078
Malware in sbrugna...
ActiveNews Manager default.asp page Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...
ActiveNews Manager activenews_view.asp articleID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...
ActiveNews Manager activenews_search.asp query Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...
CVE-2006-6094
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the 1 catID parameter to activeNewscategories.asp, the 2 articleID parameter to activeNewscomments.asp, or the 3 query parameter to activenewssearch.asp...
CVE-2006-6096
Cross-site scripting XSS vulnerability in activenewssearch.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter...
CVE-2006-6095
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the 1 articleID parameter to activenewsview.asp or the 2 page parameter to default.asp. NOTE: the activeNewscategories.asp and activeNewscomments.asp vectors are already cover...
CVE-2006-6094
CVE-2006-6094 refers to multiple SQL injection vulnerabilities in ActiveNews Manager, exposed via (1) catID in activeNews_categories.asp, (2) articleID in activeNews_comments.asp, and (3) query in activenews_search.asp. Connected records corroborate that these are remote SQL injection flaws allow...
CVE-2006-6094
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the 1 catID parameter to activeNewscategories.asp, the 2 articleID parameter to activeNewscomments.asp, or the 3 query parameter to activenewssearch.asp...
CVE-2006-6095
ActiveNews Manager is affected by CVE-2006-6095 via multiple SQL injection vulnerabilities. The issues allow remote attackers to execute arbitrary SQL commands through (1) the articleID parameter to activenews_view.asp or (2) the page parameter to default.asp; the CVE also notes that the vectors ...
CVE-2006-6096
CVE-2006-6096 : In the ActiveNews Manager web app, the parameter in activenews_search.asp is vulnerable to cross-site scripting (XSS) , allowing remote attackers to inject arbitrary script/HTML. Affected component: ActiveNews Manager (web interface). Impact per the entry: possible exploitation of...
CVE-2006-6095
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the 1 articleID parameter to activenewsview.asp or the 2 page parameter to default.asp. NOTE: the activeNewscategories.asp and activeNewscomments.asp vectors are already cover...
CVE-2006-6096
Cross-site scripting XSS vulnerability in activenewssearch.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter...
[Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory : http://www.aria-security.com/forum/showthread.php?t=33 ----------------------------------------------------------- Software: ActiveNews Manager Method: SQL Injection And Cross Site...
ActiveNews Manager - 'query' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
ActiveNews Manager - articleId SQL Injection (1)
ActiveNews Manager - articleId SQL Injection 1 source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied...
ActiveNews Manager - 'articleId' SQL Injection (1)
source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
ActiveNews Manager - articleId SQL Injection (2)
ActiveNews Manager - articleId SQL Injection 2 source: https://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied...