41 matches found
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
CVE-2007-3013
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
SQL injection
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype)...
CVE-2007-3013
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picturerealedit.asp, and probably other unspecified vectors...
CVE-2007-3014
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype)...
CVE-2007-3014
CVE-2007-3014 affects activeWeb contentserver prior to 5.6.2964. The vulnerability is multiple cross-site scripting (XSS) flaws exploitable via the msg parameter in errors/rights.asp and errors/transaction.asp, and via the name of a MIME type when adding new mimetypes. Affected versions are
CVE-2007-3013
CVE-2007-3013 affects activeWeb contentserver: SQL injection in the picture_real_edit.asp endpoint (id parameter) that can be exploited by editors with edit permission to execute arbitrary SQL. Affected versions were
rt-sa-2007-004.txt
Advisory: ActiveWeb Contentserver CMS SQL Injection Management Interface RedTeam Pentesting discovered an SQL Injection in the picturerealedit.asp script of the activeWeb contentserver CMS during a penetration test. An editor with the permission to edit pictures can exploit this by injecting...
rt-sa-2007-005.txt
Advisory: ActiveWeb Contentserver CMS Multiple Cross Site Scriptings RedTeam Pentesting discovered three Cross Site Scripting vulnerabilities in the activeWeb contentserver CMS during a penetration test. One of the Cross Site Scriptings is persistent. Details ======= Product: activeWeb...
ActiveWeb Contentserver 5.6.2929 - Picture_Real_Edit.asp SQL Injection
ActiveWeb Contentserver 5.6.2929 - PictureRealEdit.asp SQL Injection source: https://www.securityfocus.com/bid/24894/info activeWeb contentserver is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A...
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass source: https://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can...
contentserver 5.6.2929 - errors/transaction.asp?msg Cross-Site Scripting
contentserver 5.6.2929 - errors/transaction.asp?msg Cross-Site Scripting source: https://www.securityfocus.com/bid/24895/info activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may...
[Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings
Advisory: ActiveWeb Contentserver CMS Multiple Cross Site Scriptings RedTeam Pentesting discovered three Cross Site Scripting vulnerabilities in the activeWeb contentserver CMS during a penetration test. One of the Cross Site Scriptings is persistent. Details ======= Product: activeWeb...
contentserver 5.6.2929 - '/errors/transaction.asp?msg' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24895/info activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...
ActiveWeb Contentserver CMS 5.6.2929 - Client-Side Filtering Bypass
source: https://www.securityfocus.com/bid/24898/info activeWeb contentserver is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit these input-validation vulnerabilities to perform various attack...
[Full-disclosure] ActiveWeb Contentserver CMS Editor Permission Settings Problem
Advisory: ActiveWeb Contentserver CMS Editor Permission Settings Problem RedTeam Pentesting discovered a problem with the permission settings in the management interface of the activeWeb contentserver CMS during a penetration test. The ability of an editor to create and edit documents can be...
Re: [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings
Didn't find this in your list. Works for their online demo site, not sure if it works in actual deployment -...
[Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content
Advisory: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content RedTeam Pentesting discovered a design vulnerability in the page editor of the activeWeb contentserver CMS during a penetration test. Filtering of user content, e.g. to prevent the usage of Javascript code, is done ...
contentserver 5.6.2929 - '/errors/rights.asp?msg' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24895/info activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...