7 matches found
EUVD-2006-0130
Malware in sbrugna...
You can expand your version of well in Aquifer.boreWell() with unpredictable results
Lines of code Vulnerability details Impact boreWell takes an implementation parameter. This parameter is not checked in any way. Thus, the user can pass any of his parameters and expand his well option. This can lead to unpredictable consequences. Proof of Concept 1. The user creates his own...
Pool address predictability creates many problems
Lines of code Vulnerability details Impact The Aquifer.boreWell function is responsible for creating new Well. This is done using the LibClone.cloneDeterministic function. The address of the new Well depends solely on the salt and/or immutableData parameter provided by the user. Once a user creat...
CVE-2006-0122
Cross-site scripting XSS vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter...
CVE-2006-0122
Cross-site scripting XSS vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter...
CVE-2006-0122
CVE-2006-0122 describes a cross-site scripting (XSS) vulnerability in Aquifer CMS, specifically in Public/Index.asp, exploitable via the Keyword parameter to inject arbitrary script/HTML. The surrounding documents consistently identify the affected component as Aquifer CMS and the vulnerability m...
[SA18326] Aquifer CMS "Keyword" Cross-Site Scripting Vulnerability
TITLE: Aquifer CMS "Keyword" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18326 VERIFY ADVISORY: http://secunia.com/advisories/18326/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Aquifer CMS http://secunia.com/product/6752/ DESCRIPTION: Preddy has...