EUVD-2007-3005
Malware in sbrugna...
EUVD-2007-3010
Malware in sbrugna...
EUVD-2007-3009
Malware in sbrugna...
ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability
Source: http://www.securityfocus.com/bid/24894/info. activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability
Source: http://www.securityfocus.com/bid/24898/info. activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these input-validation...
CVE-2007-3018 (Design/Logic Flaw)
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories...
CVE-2007-3017 (Design/Logic Flaw)
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
ActiveWeb Contentserver Picture_Real_Edit.ASP SQL Injection Vulnerability
ActiveWeb Contentserver is an ASP-based web application. ActiveWeb Contentserver does not properly filter user-submitted input; a remote attacker can exploit this to perform SQL injection and obtain sensitive information. The problem is that the 'picturerealedit.asp' script does not filter the user-supplied 'id' parameter; submitting a malicious SQL query as the parameter value can alter the original SQL logic and disclose sensitive information. Affected: activeWeb contentserver 5.6.2929. Fix: upgrade to version 5.6.2964: http://www.active-web.de/aw/home/Produkte/gf/contentserver/...
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
CVE-2007-3018
CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...
CVE-2007-3013 (SQL injection)
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
CVE-2007-3014
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype)...
CVE-2007-3014
CVE-2007-3014 affects activeWeb contentserver prior to 5.6.2964. The vulnerability is multiple cross-site scripting (XSS) flaws exploitable via the msg parameter in errors/rights.asp and errors/transaction.asp, and via the name of a MIME type when adding new mimetypes. Affected versions are
CVE-2007-3013
CVE-2007-3013 affects activeWeb contentserver: SQL injection in the picture_real_edit.asp endpoint (id parameter) that can be exploited by editors with edit permission to execute arbitrary SQL. Affected versions were
rt-sa-2007-004.txt
Advisory: ActiveWeb Contentserver CMS SQL Injection Management Interface RedTeam Pentesting discovered an SQL Injection in the picturerealedit.asp script of the activeWeb contentserver CMS during a penetration test. An editor with the permission to edit pictures can exploit this by injecting...
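The entries above give a defender two concrete things to watch for in web server logs: a non-numeric, SQL-shaped value in the id parameter sent to admin/picture/picturerealedit.asp (CVE-2007-3013), and markup in the msg parameter sent to errors/rights.asp or errors/transaction.asp (CVE-2007-3014). The following Python is an added example written for this page, not code from RedTeam Pentesting, the vendor, or any of the listed databases. It assumes an IIS-style W3C log layout (date, time, client IP, method, URI stem, URI query, status), that the picture id is supposed to be an integer, and it normalises path spelling because the listing writes the same script as both picturerealedit.asp and Picture_Real_Edit.ASP. The log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints and parameters named in the advisories on this page.
# Paths are compared lower-cased with underscores removed (assumption:
# the aggregator strips underscores, so both spellings mean one script).
SQLI_ENDPOINTS = {"admin/picture/picturerealedit.asp": "id"}   # CVE-2007-3013
XSS_ENDPOINTS = {"errors/rights.asp": "msg",                    # CVE-2007-3014
                 "errors/transaction.asp": "msg"}

# Cheap indicators; tune to your own noise level before deploying.
_SQLI_RE = re.compile(r"(?i)('|--|/\*|;|\bor\b|\bunion\b|\bselect\b)")
_XSS_RE = re.compile(r"(?i)(<|%3c|javascript:|on\w+\s*=)")


def _norm_path(path):
    return path.lower().replace("_", "").lstrip("/")


def scan_request(uri):
    """Return [(cve, reason), ...] for one request URI, or [] if clean."""
    parts = urlsplit(uri)
    path = _norm_path(parts.path)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes once
    findings = []
    if path in SQLI_ENDPOINTS:
        for value in params.get(SQLI_ENDPOINTS[path], []):
            # Assumption: a legitimate picture id is an integer.
            if not value.isdigit() and _SQLI_RE.search(value):
                findings.append(("CVE-2007-3013", f"SQL syntax in id: {value!r}"))
    if path in XSS_ENDPOINTS:
        for value in params.get(XSS_ENDPOINTS[path], []):
            if _XSS_RE.search(value):
                findings.append(("CVE-2007-3014", f"markup in msg: {value!r}"))
    return findings


def scan_log(lines):
    """Parse W3C-style lines and return one dict per suspicious request."""
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            continue  # not the layout this example assumes
        date, time, client, method, stem, query, status = fields
        uri = stem if query == "-" else f"{stem}?{query}"
        for cve, reason in scan_request(uri):
            hits.append({"time": f"{date} {time}", "client": client,
                         "method": method, "status": status,
                         "cve": cve, "reason": reason})
    return hits


# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-07-16 10:21:05 192.0.2.10 GET /admin/picture/picturerealedit.asp id=17 200
2007-07-16 10:21:42 192.0.2.10 GET /admin/picture/Picture_Real_Edit.ASP id=17'+OR+'1'='1 500
2007-07-16 10:22:03 192.0.2.44 GET /errors/rights.asp msg=%3Cscript%3Ealert(1)%3C/script%3E 200
2007-07-16 10:22:30 192.0.2.44 GET /errors/transaction.asp msg=Access+denied 200
""".splitlines()


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['cve']}: {hit['reason']}")
```

Because the SQL injection requires an authenticated editor, a hit on picturerealedit.asp is worth correlating with the session or user that made it rather than only the client address.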