27 matches found
EUVD-2008-1550
Malware in sbrugna...
EUVD-2008-0949
Malware in sbrugna...
EUVD-2008-0950
Malware in sbrugna...
EUVD-2008-1549
Malware in sbrugna...
EUVD-2008-0948
Malware in sbrugna...
EUVD-2007-6483
Malware in sbrugna...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Aeries Browser Interface ABI 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the 1 UserName parameter to loginproc.asp and the 2 usr parameter to Login.asp...
CVE-2008-1548
Multiple cross-site scripting XSS vulnerabilities in Aeries Browser Interface ABI 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the 1 UserName parameter to loginproc.asp and the 2 usr parameter to Login.asp...
Sql injection
Multiple SQL injection vulnerabilities in Aeries Browser Interface ABI 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the 1 GrdBk parameter to GradebookOptions.asp and the 2 SchlCode variable to loginproc.asp, a different...
CVE-2008-1549
Multiple SQL injection vulnerabilities in Aeries Browser Interface ABI 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the 1 GrdBk parameter to GradebookOptions.asp and the 2 SchlCode variable to loginproc.asp, a different...
CVE-2008-1548
CVE-2008-1548 describes multiple XSS vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 within Eagle Software’s Aries Student Information System. The issues allow remote attackers to inject arbitrary web script or HTML via (1) the UserName parameter to loginproc.asp and (2) the usr parame...
CVE-2008-1548
Multiple cross-site scripting XSS vulnerabilities in Aeries Browser Interface ABI 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the 1 UserName parameter to loginproc.asp and the 2 usr parameter to Login.asp...
CVE-2008-1549
CVE-2008-1549 documents multiple SQL injection vulnerabilities in Eagle Software’s Aeries Browser Interface (ABI) 3.8.3.14 within the Aries Student Information System. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the GrdBk parameter to GradebookOptions.asp and ...
aeries-sqlxss.txt
Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...
aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...
Sql injection
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface ABI 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the 1 FC parameter to Comments.asp, or the Term parameter to 2 Labels.asp or 3 ClassList.asp...
CVE-2008-0941
Cross-site scripting XSS vulnerability in Eagle Software Aeries Browser Interface ABI 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event...
Sql injection
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface ABI 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter...
CVE-2008-0942
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface ABI 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter...
CVE-2008-0941
The vulnerability CVE-2008-0941 affects Eagle Software Aeries Browser Interface (ABI) 3.8.2.8. It is a Cross-site Scripting (XSS) flaw that allows remote authenticated users to inject arbitrary web script or HTML via an event. The NVD entry lists a base score of 4.3 (Medium) with vector AV:N/AC:M...