41 matches found
EUVD-2007-3010
Malware in sbrugna...
EUVD-2007-3009
Malware in sbrugna...
EUVD-2007-3005
Malware in sbrugna...
ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these input-validation...
ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24894/info activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
CVE-2011-0678
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm...
CVE-2011-0678
CVE-2011-0678 affects Lomtec ActiveWeb Professional 3.0, via the EasyEdit module. The Unrestricted file upload vulnerability exists in the getImagefile component (EasyEdit.cfm), allowing an attacker to upload an executable file through UploadDirectory and Accepted Extensions fields to achieve rem...
Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212)
------------------------------------------------------------------------------------- www.ExploitDevelopment.com 2010-WEB-002 CERT VU870532 Security Focus BID 45985 ------------------------------------------------------------------------------------- TITLE: Lomtec ActiveWeb Professional 3.0 CMS...
Lomtec ActiveWeb Professional 3.0 CMS Shell Upload / SYSTEM Execution
------------------------------------------------------------------------------------- www.ExploitDevelopment.com 2010-WEB-002 CERT VU870532 Security Focus BID 45985 ------------------------------------------------------------------------------------- TITLE: Lomtec ActiveWeb Professional 3.0 CMS...
ActiveWeb Professional 3.0 - Arbitrary File Upload
ActiveWeb Professional 3.0 - Arbitrary File Upload source: https://www.securityfocus.com/bid/45985/info ActiveWeb Professional is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload...
ActiveWeb Professional 3.0 - Arbitrary File Upload
source: https://www.securityfocus.com/bid/45985/info ActiveWeb Professional is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; successf...
Lomtec ActiveWeb Professional 3.0 CMS allows arbitrary file upload and execution
Overview Lomtec ActiveWeb Professional 3.0 web content management server allows unauthenticated users to upload arbitrary files. Description According to Lomtec's website: "Lomtec ActiveWeb offers an ideal solution for the creation, maintenance and administration of a Web site and its content. "...
CVE-2007-3017
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
Design/Logic Flaw
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
CVE-2007-3018
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
Design/Logic Flaw
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
CVE-2007-3018
CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
CVE-2007-3018
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
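ActiveWeb Contentserver Picture_Real_Edit.ASP SQL Injection Vulnerability
ActiveWeb Contentserver is an ASP-based web application. ActiveWeb Contentserver does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'picturerealedit.asp' script does not filter the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic and obtain sensitive information. activeWeb contentserver 5.6.2929: upgrade to version 5.6.2964: http://www.active-web.de/aw/home/Produkte/gf/contentserver/...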