11 matches found
ASPNuke 0.80 Language_Select.ASP HTTP Response Splitting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14063/info ASPNuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to...
Month Of Abysssec Undisclosed Bugs - ASP Nuke 0.80
''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | 0 " & "AND art.Archive = 0" Considering to the code, you can bro...
ASP-Nuke <= 0.80 article.asp articleid变量远程SQL注入漏洞
BugCVE: CVE-2005-2067 BUGTRAQ: 13318 ASP-Nuke处理用户请求时存在输入验证漏洞,远程攻击者可以利用此漏洞非授权访问数据库。 ASP-Nuke的article.asp脚本没有正确过滤articleid参数数据,远程攻击可以在输入中插入特定的SQL语句,从而非授权操作数据库,导致敏感信息泄露或ASP-Nuke被完全控制。 ASP-Nuke = 0.80 厂商补丁: ASP-Nuke -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
CVE-2005-2066
SQL injection vulnerability in commentpost.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter...
CVE-2005-2064
Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to forgotpassword.asp, or the 2 FirstName, 3 LastName, 4 Username, 5 Password, 6 Address1, 7 Address2, 8 City, 9 ZipCode, 10 Email parameter to...
CVE-2005-2065
HTTP response splitting vulnerability in languageselect.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the LangCode parameter...
CVE-2005-2066
CVE-2005-2066 : A SQL injection vulnerability exists in the ASP Nuke 0.80 web application via the TaskID parameter in the file comment_post.asp. Remote attackers could execute arbitrary SQL statements, as reported by the NVD entry, with an impact described as partial confidentiality, integrity, a...
CVE-2005-2065
Affected product: ASP Nuke 0.80 (language_select.asp). Vulnerability: HTTP response splitting via CRLF ("%0d%0a") in the LangCode parameter. Impact (as stated): remote attackers can spoof web content and poison web caches. Root cause: unsafely untrusted LangCode parameter allowing CRLF sequences....
ASPNuke 0.80 - article.asp SQL Injection
ASPNuke 0.80 - article.asp SQL Injection !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR: ASPNuke ASP Portal Expl0it By: [email protected] Discovered By: Trap-Set Underground Hacking Team oilKarchacK GR33tz T0 == Alphaprogrammer -- oilKarchack -- theCephale...
comasp.pl.txt
This is a multi-part message in MIME format. ------=NextPart000003901C5473D.C6C4A380 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =20 !/usr/bin/perl use IO::Socket; use Getopt::Std; print "xASP NUKE 0.80 and below Comments.asp Sql Injection Exploit\n"...
xpl_detail.pl.txt
This is a multi-part message in MIME format. ------=NextPart000003201C5473D.B3E3E000 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable http://icis.digitalparadox.org/exploits/xpldetail.pl =20 !/usr/bin/perl use IO::Socket; use Getopt::Std; print "xASP NUKE...