EUVD-2005-3207

Malware in sbrugna...

Aenovo /password/default.asp password Field SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

Aenovo Multiple Unspecified Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

aeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

CVE-2005-3208

Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...

CVE-2005-3209

Aenovo products 1 aeNovo, 2 aeNovoShop, and 3 aeNovoWYSI store password information in plaintext in the a control, b content, and c page tables, which allows attackers with database access to obtain those passwords and gain privileges...

CVE-2005-3208

CVE-2005-3208 involves multiple SQL injection vulnerabilities in the products named aeNovo, aeNovoShop, and aeNovoWYSI. The flaws allow remote attackers to execute arbitrary SQL code via the password parameter in control.asp and the strSQL parameter in search.asp, with potential for XSS in result...

CVE-2005-3208

Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...

CVE-2005-3209

CVE-2005-3209 affects Aenovo products (aeNovo, aeNovoShop, aeNovoWYSI). The issue is that password data is stored in plaintext in the control, content, and page tables, facilitating password disclosure for attackers who have database access and enabling privilege escalation. The provided document...

CVE-2005-3209

Aenovo products 1 aeNovo, 2 aeNovoShop, and 3 aeNovoWYSI store password information in plaintext in the a control, b content, and c page tables, which allows attackers with database access to obtain those passwords and gain privileges...

[SA17117] aeNovo Cross-Site Scripting and SQL Injection Vulnerabilities

TITLE: aeNovo Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA17117 VERIFY ADVISORY: http://secunia.com/advisories/17117/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: aeNovo...

aenovoSQL.txt

Aenovo Multiple Vulnerabilities KAPDA::3 - Aenovo - Multiple Vulnerabilities KAPDA New advisory Vulnerable products : Aenovov Trials tested,Hopefully all other versions, AenovoShop and aeNovoWYSI v Demos tested,Hopefully all other versions Vendor: http://www.aenovo.co.uk/ Risk: High Vulnerability...

Aenovo - incssearchdisplay.asp?strSQL SQL Injection

Aenovo - incssearchdisplay.asp?strSQL SQL Injection source: https://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before usin...

Aenovo - Multiple Cross-Site Scripting Vulnerabilities

Aenovo - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage the...

Aenovo - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...

Aenovo - '/incs/searchdisplay.asp?strSQL' SQL Injection

source: https://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

[SA14580] aeNovo Database Disclosure of Sensitive Information

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

aeNovo Database Content Disclosure Vulnerability

The problem is that the aeNovo database file "dbase/aeNovo1.mdb" by default is accessible. you can disclose the ADMIN's password . The Login Page : "logon.asp"...