21 matches found
EUVD-2004-2689
Malware in sbrugna...
EUVD-2004-2691
Malware in sbrugna...
EUVD-2004-2690
Malware in sbrugna...
CVE-2004-2700
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx...
AspDotNetStorefront 3.3 ReturnURL Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10507/info AspDotNetStorefront is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in the 'returnurl' parameter of the...
AspDotNetStorefront 3.3 Access Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10506/info AspDotNetStorefront is reportedly prone to an access validation vulnerability that may allow a remote attacker to delete arbitrary contents from a vulnerable Web site. The issue occurs because the...
CVE-2004-2700
CVE-2004-2700 affects AspDotNetStorefront 3.3, where an unrestricted file upload via admin/images.aspx allows remote authenticated administrators to upload files with executable extensions. This is documented across multiple sources (NVD entry and vendor/partner advisories). The core issue is imp...
CVE-2004-2700
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx...
CVE-2004-2701
CVE-2004-2701 is a cross-site scripting (XSS) vulnerability in AspDotNetStorefront 3.3, specifically in signin.aspx where an attacker can inject arbitrary web script or HTML via the returnurl parameter. Affected component is the signin.aspx handling of returnurl; root cause is improper handling o...
CVE-2004-2699
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter...
CVE-2004-2701
Cross-site scripting XSS vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter...
CVE-2004-2699
CVE-2004-2699 : deleteicon.aspx in AspDotNetStorefront 3.3 allows an unauthenticated remote attacker to delete arbitrary product images by modifying the ProductID parameter. This affects image integrity (partial impact) per the NVD CVSS2 vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) with a base score of 4....
CVE-2004-2700
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx...
CVE-2004-2699
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter...
CVE-2004-2701
Cross-site scripting XSS vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter...
[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation
ASPDOTNETSTOREFRONT Improper Session Validation Release Date: June 9, 2004 Severity: HIGH Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web browser...
[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability
ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability Release Date: June 9, 2004 Severity: Medium Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web...
ADVISORY: ASPDOTNETSTOREFRONT Improper Upload Validation
ASPDOTNETSTOREFRONT Improper Upload Validation Release Date: June 9, 2004 Severity: HIGH Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web browser...
AspDotNetStorefront 3.3 - 'ReturnURL' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10507/info AspDotNetStorefront is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in the 'returnurl' parameter of the 'signin.aspx' script of the...
AspDotNetStorefront 3.3 - Access Validation
source: https://www.securityfocus.com/bid/10506/info AspDotNetStorefront is reportedly prone to an access validation vulnerability that may allow a remote attacker to delete arbitrary contents from a vulnerable Web site. The issue occurs because the 'deleteicon.aspx' script does not validate acce...