21 matches found
HP Managed Printing Administration < 2.7.0 XSS
The remote web server is hosting a version of HP Managed Printing Administration earlier than 2.7.0. As such, it is potentially affected by an unspecified cross-site scripting vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'...
Log Rover pword Parameter SQL Injection
The remote host is running Log Rover, an ASP application for analyzing web server log files. The web interface included with the version of Log Rover installed on the remote host fails to sanitize user-supplied input to the 'pword' parameter of the 'login.asp' script before using it to construct...
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability
iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides ASP (Active Server Pages) functionality to a web server. More information is...
SmarterMail Subject Field XSS
The remote host is running SmarterMail, an email and collaboration server for Windows. The webmail component of the version of SmarterMail installed on the remote host fails to sanitize the Subject field of messages before using it to generate dynamic HTML output. An unauthenticated attacker may ...
Hosting Controller hosting/addreseller.asp reseller Parameter Authentication Bypass
The version of Hosting Controller installed on the remote host allows a remote attacker to bypass authentication and gain access to an arbitrary user's control panel, including as an administrator. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
DevTrack Web Service UserName Field SQL Injection
The remote host is running DevTrack, a defect and project tracking tool. The DevTrack Web Services component installed on the remote host contains an ASP script that fails to sanitize user-supplied input to the 'UserName' parameter before using it in a database query. An unauthenticated, remote...
A-FAQ SQL inj. vuln.
A-FAQ SQL inj. vuln. Vuln. discovered by: r0t Date: 6 Dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/faq-sql-inj-vuln.html vendor: http://www.alanward.net/afaq affected version: 1.0 and prior Product Description: A-FAQ is an ASP application used for managing a database of questions...
DUpaypal Pro Multiple Scripts SQL Injection
The remote host is running DUpaypal Pro, an ASP-based storefront from DUware for Paypal. The installed version of DUpaypal Pro fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries,...
DUportal Pro Multiple Scripts SQL Injection (2)
The remote host is running DUportal Pro, an ASP-based product suite from DUware for building web portals / online communities. The installed version of DUportal Pro fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an...
DUclassmate Multiple Scripts SQL Injection
The remote host is running DUclassmate, a web-based classmates listing and friends search application from DUware and written in ASP. The installed version of DUclassmate fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws...
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)
The remote host is running the Episodex Guestbook, a guestbook written in ASP. The version of Episodex installed on the remote host does not validate input to various fields in the 'default.asp' script before using it to generate dynamic HTML. Additionally, an unauthenticated, remote attacker can...
dwc_articles possible sql injection
author: l0om site: www.excluded.org product: dwcarticles = 1.6 maybe other versions too problem: possible sql injection Vendor site? www.distinctwebcreations.com note: it's currently down. Vendor status? Didn't find an email address or phone number. what is it? DwcArticles is an ASP application...
ZixForum ZixForum.mdb Direct Request Database Disclosure
The remote server is running ZixForum, a set of ASP scripts for a web-based forum. This program uses a database named 'ZixForum.mdb' that can be downloaded by any client. This database contains discussions, account information, etc. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities
S-Quadra Advisory 2004-03-31 Topic: CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities Severity: High Vendor URL: http://www.cactushop.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040331.txt Release date: 31 Mar 2004 1. DESCRIPTION CactuShop is an ASP...
Adv-20040331.txt
S-Quadra Advisory 2004-03-31 Topic: CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities Severity: High Vendor URL: http://www.cactushop.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040331.txt Release date: 31 Mar 2004 1. DESCRIPTION CactuShop is an ASP...
[Full-Disclosure] CactuSoft CactuShop 5.0 Lite shopping cart software backdoor
S-Quadra Advisory 2004-02-06 Topic: CactuSoft CactuShop 5.0 Lite shopping cart software backdoor Severity: High Vendor URL: http://www.cactushop.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040206.txt Release date: 06 Feb 2004 1. DESCRIPTION CactuShop is an ASP application for runni...
[Full-Disclosure] SQL Injections in VieNuke
This ASP Portal/Forum, http://www.vienuke.com, is a nest of SQL Injections... ... the first thing I have tried http://www.vienuke.com/vie/viewtopic.asp?forumid=48&id=2736' :- Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html...
WebStores 2000 browse_item_details.asp SQL Injection
The remote web server is running WebStores 2000, a set of ASP scripts designed to set up an e-commerce store. There is a flaw in the version of WebStores used on the remote host that may allow an attacker to make arbitrary SQL statements to the backend database. An attacker may be able to exploit...
Microsoft Active Server Pages DoS
AQTRONIX Security Advisory AQ-2003-01 ===================================== Topic: Microsoft Active Server Pages DoS Release date: 18 April 2003 Systems Tested: Windows 2000 Server Family + SP3 + MS02-062 Affected Systems: IIS 4.0, IIS 5.0, IIS 5.1 with ASP 3.0 installed I did not test previous...
Web Wiz Forums wwforum.mdb Direct Request Database Disclosure
The remote server is running Web Wiz Site Forum, a set of ASP scripts to manage online forums. This release comes with a 'wwforum.mdb' database, usually located under 'admin', that contains sensitive information, such as the user passwords and emails. An attacker may use this flaw to gain...