Lucene search
K

91 matches found

NVD
NVD
added 2006/05/24 8:2 p.m.15 views

CVE-2006-2566

Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via 1 a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or 2 a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...

5CVSS6.5AI score0.01392EPSS
Exploits0References4
NVD
NVD
added 2006/05/24 8:2 p.m.11 views

CVE-2006-2567

Cross-site scripting XSS vulnerability in submitarticle.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets CSS property of a STYLE attribute of an...

4.3CVSS5.7AI score0.0118EPSS
Exploits0References5
Prion
Prion
added 2006/05/24 8:2 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in submitarticle.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets CSS property of a STYLE attribute of an...

4.3CVSS6.1AI score0.0118EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2006/05/24 8:2 p.m.15 views

Design/Logic Flaw

Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via 1 a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or 2 a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...

5CVSS7.1AI score0.01392EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2006/05/24 8:2 p.m.11 views

Sql injection

SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via 1 the authorid parameter in profile.php and 2 the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...

7.5CVSS9AI score0.01337EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2006/05/24 8:0 p.m.20 views

CVE-2006-2566

Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via 1 a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or 2 a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...

6.5AI score0.01392EPSS
Exploits0References4
CVE
CVE
added 2006/05/24 8:0 p.m.46 views

CVE-2006-2565

Affected software: Alstrasoft Article Manager Pro 1.6. The vulnerability is an SQL injection in two parameters: author_id in profile.php and aut_id in userarticles.php. The SQL manipulation may lead to arbitrary SQL execution and, for the aut_id vector, potential resultant path disclosure if the ...

7.5CVSS8.4AI score0.01337EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/05/24 8:0 p.m.45 views

CVE-2006-2567

CVE-2006-2567 is an XSS vulnerability in the Alstrasoft Article Manager Pro 1.6, affecting the submit_article.php handler. The issue arises from unsafely handling user input in a STYLE attribute, enabling an attacker to inject JavaScript via a javascript: URI in a CSS property, potentially compro...

4.3CVSS5.7AI score0.0118EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2006/05/24 8:0 p.m.47 views

CVE-2006-2566

Affected software: Alstrasoft Article Manager Pro 1.6. The vulnerability is an information disclosure that exposes the path via error messages in two potential inputs: (1) the action parameter in a request to mrarticles.php (possible quote character or invalid value) and (2) a login QUERY_STRING ...

5CVSS6.5AI score0.01392EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2006/05/24 8:0 p.m.21 views

CVE-2006-2565

SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via 1 the authorid parameter in profile.php and 2 the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...

8.4AI score0.01337EPSS
Exploits0References6
CVE
CVE
added 2005/11/26 10:0 p.m.43 views

CVE-2005-3844

CVE-2005-3844 concerns a SQL injection vulnerability in the phpWordWordPress PHP News and Article Manager 3.0. The issue allows remote attackers to execute arbitrary SQL commands via parameters: (1) poll and (2) category in index.php, and (3) ctg in an archive action. Affected software is the PHP...

7.5CVSS8.9AI score0.01233EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder