343 matches found
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...
CVE-2005-0301
comersusbackofficeinstall10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program...
CVE-2005-0302
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header...
CVE-2005-0303
Multiple cross-site scripting XSS vulnerabilities in 1 comersussupportError.asp or 2 comersusbackofficelitesupportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter...
CVE-2005-0302
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header...
CVE-2005-0301
comersusbackofficeinstall10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program...
CVE-2005-0303
Multiple cross-site scripting XSS vulnerabilities in 1 comersussupportError.asp or 2 comersusbackofficelitesupportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter...
CVE-2005-0302
CVE-2005-0302 describes an SQL injection vulnerability in the BackOffice Lite web application (version 6.0 and 6.01) where an attacker can inject arbitrary SQL commands through the Referer header in requests to default.asp. This live vulnerability could allow unauthorized data access or modificat...
CVE-2005-0301
The CVE-2005-0301 entry affects Comersus BackOffice Lite 6.0 and 6.01. The vulnerability arises in comersus_backoffice_install10.asp, allowing remote attackers to bypass authentication and gain privileges via a direct request to the program. This aligns with the OpenVAS entry describing an admini...
CVE-2005-0303
CVE-2005-0303 applies to BackOffice Lite 6.0 and 6.01, where two files (comersus_supportError.asp and comersus_backofficelite_supportError.asp) are vulnerable to cross-site scripting via the error parameter. The underlying issue is reflected XSS allowing remote attackers to inject arbitrary scrip...
bug report comersus Back Office Lite 6.0 and 6.0.1
Software: Comersus ASP Shopping Cart Version: 6.0 Free version containing BackOffice Lite 6.0 and 6.01 Vendor: Comersus 1. Software Description -------------------- Comersus ASP shopping cart is a set of ASP scripts creating an online shoppingcart. It works on a database of your own choosing,...
CVE-2002-0736
Microsoft BackOffice 4.0/4.5, when configured for remote access, is vulnerable to authentication bypass via an HTTP request using a non-blank auth_type, allowing remote attackers to access administrative ASP pages. The provided documents describe the vulnerability and impact but do not include a ...
CVE-2002-0736
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type authtype that is not blank...
CVE-2002-0736
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type authtype that is not blank...
Unauthorized access to web administration in BackOffice
Any local user including web Guests can perform some administration tasks...
CVE-1999-0372
The installer for BackOffice Server includes account names and passwords in a setup file reboot.ini which is not deleted...
CVE-1999-0372
The CVE concerns the BackOffice Server installer leaking credentials: account names and passwords are written to a setup file (reboot.ini) and not deleted after installation. This exposes partial confidentiality risk on local execution, per the CVSS metrics (Low base score, Local attack vector, n...
reboot.ini-passwds.txt
Date: Fri, 12 Feb 1999 14:34:17 -0800 From: [email protected] To: [email protected] Subject: Microsoft Security Bulletin MS99-005 The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an...
backoffice.installer.txt
Date: Thu, 18 Feb 1999 14:44:48 -0800 PST From: CIAC Mail User To: [email protected] Subject: CIAC Bulletin J-030: Microsoft BackOffice Vulnerability For Public Release -----BEGIN PGP SIGNED MESSAGE----- The U.S. Department of Energy Computer Incident Advisory Capability / | /\ / \ |...