91 matches found
CVE-2006-2566
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via 1 a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or 2 a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...
CVE-2006-2567
Cross-site scripting XSS vulnerability in submitarticle.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets CSS property of a STYLE attribute of an...
Cross site scripting
Cross-site scripting XSS vulnerability in submitarticle.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets CSS property of a STYLE attribute of an...
Design/Logic Flaw
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via 1 a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or 2 a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...
Sql injection
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via 1 the authorid parameter in profile.php and 2 the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...
CVE-2006-2566
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via 1 a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or 2 a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...
CVE-2006-2565
Affected software: Alstrasoft Article Manager Pro 1.6. The vulnerability is an SQL injection in two parameters: author_id in profile.php and aut_id in userarticles.php. The SQL manipulation may lead to arbitrary SQL execution and, for the aut_id vector, potential resultant path disclosure if the ...
CVE-2006-2567
CVE-2006-2567 is an XSS vulnerability in the Alstrasoft Article Manager Pro 1.6, affecting the submit_article.php handler. The issue arises from unsafely handling user input in a STYLE attribute, enabling an attacker to inject JavaScript via a javascript: URI in a CSS property, potentially compro...
CVE-2006-2566
Affected software: Alstrasoft Article Manager Pro 1.6. The vulnerability is an information disclosure that exposes the path via error messages in two potential inputs: (1) the action parameter in a request to mrarticles.php (possible quote character or invalid value) and (2) a login QUERY_STRING ...
CVE-2006-2565
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via 1 the authorid parameter in profile.php and 2 the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...
CVE-2005-3844
CVE-2005-3844 concerns a SQL injection vulnerability in the phpWordWordPress PHP News and Article Manager 3.0. The issue allows remote attackers to execute arbitrary SQL commands via parameters: (1) poll and (2) category in index.php, and (3) ctg in an archive action. Affected software is the PHP...