25 matches found
EUVD-2007-3010
Malware in sbrugna...
EUVD-2007-3005
Malware in sbrugna...
EUVD-2007-3009
Malware in sbrugna...
ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these input-validation...
ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24894/info activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
CVE-2007-3018
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
CVE-2007-3017
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
Design/Logic Flaw
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
Design/Logic Flaw
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
ActiveWeb Contentserver Picture_Real_Edit.ASP SQL注入漏洞
ActiveWeb Contentserver是一款基于ASP的WEB应用程序。 ActiveWeb Contentserver不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'picturerealedit.asp'脚本对用户提交的'id'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 activeWeb contentserver 5.6.2929 升级到5.6.2964版本: http://www.active-web.de/aw/home/Produkte/gf/contentserver/...
CVE-2007-3018
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
CVE-2007-3018
CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...
CVE-2007-3017
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
Sql injection
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
CVE-2007-3013
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
CVE-2007-3014
Multiple cross-site scripting XSS vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to 1 errors/rights.asp or 2 errors/transaction.asp, or 3 the name of a MIME type mimetype...
CVE-2007-3013
CVE-2007-3013 affects activeWeb contentserver: SQL injection in the picture_real_edit.asp endpoint (id parameter) that can be exploited by editors with edit permission to execute arbitrary SQL. Affected versions were
CVE-2007-3014
CVE-2007-3014 affects activeWeb contentserver prior to 5.6.2964. The vulnerability is multiple cross-site scripting (XSS) flaws exploitable via the msg parameter in errors/rights.asp and errors/transaction.asp, and via the name of a MIME type when adding new mimetypes. Affected versions are
rt-sa-2007-005.txt
Advisory: ActiveWeb Contentserver CMS Multiple Cross Site Scriptings RedTeam Pentesting discovered three Cross Site Scripting vulnerabilities in the activeWeb contentserver CMS during a penetration test. One of the Cross Site Scriptings is persistent. Details ======= Product: activeWeb...