25 matches found
EUVD-2007-3010
Malware in sbrugna...
EUVD-2007-3009
Malware in sbrugna...
EUVD-2007-3005
Malware in sbrugna...
ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these input-validation...
ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24894/info activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
CVE-2007-3017
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
Design/Logic Flaw
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
CVE-2007-3018
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
Design/Logic Flaw
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
CVE-2007-3018
CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
CVE-2007-3018
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
ActiveWeb Contentserver Picture_Real_Edit.ASP SQL注入漏洞
ActiveWeb Contentserver是一款基于ASP的WEB应用程序。 ActiveWeb Contentserver不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'picturerealedit.asp'脚本对用户提交的'id'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 activeWeb contentserver 5.6.2929 升级到5.6.2964版本: http://www.active-web.de/aw/home/Produkte/gf/contentserver/...
CVE-2007-3017
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
CVE-2007-3013
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
Sql injection
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
CVE-2007-3013
CVE-2007-3013 affects activeWeb contentserver: SQL injection in the picture_real_edit.asp endpoint (id parameter) that can be exploited by editors with edit permission to execute arbitrary SQL. Affected versions were
CVE-2007-3014
CVE-2007-3014 affects activeWeb contentserver prior to 5.6.2964. The vulnerability is multiple cross-site scripting (XSS) flaws exploitable via the msg parameter in errors/rights.asp and errors/transaction.asp, and via the name of a MIME type when adding new mimetypes. Affected versions are
CVE-2007-3014
Multiple cross-site scripting XSS vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to 1 errors/rights.asp or 2 errors/transaction.asp, or 3 the name of a MIME type mimetype...
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass source: https://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can...