Lucene search
K

343 matches found

Exploit DB
Exploit DB
added 2005/10/17 12:0 a.m.23 views

Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/10/17 12:0 a.m.10 views

Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities

Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...

7AI score
Exploits0
NVD
NVD
added 2005/05/02 4:0 a.m.15 views

CVE-2005-0301

comersusbackofficeinstall10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program...

7.5CVSS7.1AI score0.01635EPSS
Exploits0References4
NVD
NVD
added 2005/05/02 4:0 a.m.12 views

CVE-2005-0302

SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header...

7.5CVSS8.4AI score0.01331EPSS
Exploits1References3
NVD
NVD
added 2005/05/02 4:0 a.m.17 views

CVE-2005-0303

Multiple cross-site scripting XSS vulnerabilities in 1 comersussupportError.asp or 2 comersusbackofficelitesupportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter...

4.3CVSS5.8AI score0.01164EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/02/10 5:0 a.m.16 views

CVE-2005-0302

SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header...

8.4AI score0.01331EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/02/10 5:0 a.m.19 views

CVE-2005-0301

comersusbackofficeinstall10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program...

7.1AI score0.01635EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/02/10 5:0 a.m.16 views

CVE-2005-0303

Multiple cross-site scripting XSS vulnerabilities in 1 comersussupportError.asp or 2 comersusbackofficelitesupportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter...

5.8AI score0.01164EPSS
Exploits0References3
CVE
CVE
added 2005/02/10 5:0 a.m.42 views

CVE-2005-0302

CVE-2005-0302 describes an SQL injection vulnerability in the BackOffice Lite web application (version 6.0 and 6.01) where an attacker can inject arbitrary SQL commands through the Referer header in requests to default.asp. This live vulnerability could allow unauthorized data access or modificat...

7.5CVSS8.8AI score0.01331EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2005/02/10 5:0 a.m.52 views

CVE-2005-0301

The CVE-2005-0301 entry affects Comersus BackOffice Lite 6.0 and 6.01. The vulnerability arises in comersus_backoffice_install10.asp, allowing remote attackers to bypass authentication and gain privileges via a direct request to the program. This aligns with the OpenVAS entry describing an admini...

7.5CVSS7.1AI score0.01635EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/02/10 5:0 a.m.67 views

CVE-2005-0303

CVE-2005-0303 applies to BackOffice Lite 6.0 and 6.01, where two files (comersus_supportError.asp and comersus_backofficelite_supportError.asp) are vulnerable to cross-site scripting via the error parameter. The underlying issue is reflected XSS allowing remote attackers to inject arbitrary scrip...

4.3CVSS6AI score0.01164EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2005/01/22 12:0 a.m.57 views

bug report comersus Back Office Lite 6.0 and 6.0.1

Software: Comersus ASP Shopping Cart Version: 6.0 Free version containing BackOffice Lite 6.0 and 6.01 Vendor: Comersus 1. Software Description -------------------- Comersus ASP shopping cart is a set of ASP scripts creating an online shoppingcart. It works on a database of your own choosing,...

0.2AI score
Exploits0
CVE
CVE
added 2003/04/02 5:0 a.m.44 views

CVE-2002-0736

Microsoft BackOffice 4.0/4.5, when configured for remote access, is vulnerable to authentication bypass via an HTTP request using a non-blank auth_type, allowing remote attackers to access administrative ASP pages. The provided documents describe the vulnerability and impact but do not include a ...

10CVSS7.3AI score0.31572EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.14 views

CVE-2002-0736

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type authtype that is not blank...

6.9AI score0.31572EPSS
Exploits0References4
NVD
NVD
added 2002/08/12 4:0 a.m.10 views

CVE-2002-0736

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type authtype that is not blank...

10CVSS6.9AI score0.31572EPSS
Exploits0References4
securityvulns
securityvulns
added 2002/04/18 12:0 a.m.37 views

Unauthorized access to web administration in BackOffice

Any local user including web Guests can perform some administration tasks...

3.4AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 1999/09/29 4:0 a.m.26 views

CVE-1999-0372

The installer for BackOffice Server includes account names and passwords in a setup file reboot.ini which is not deleted...

6.6AI score0.04549EPSS
Exploits0References2
CVE
CVE
added 1999/09/29 4:0 a.m.69 views

CVE-1999-0372

The CVE concerns the BackOffice Server installer leaking credentials: account names and passwords are written to a setup file (reboot.ini) and not deleted after installation. This exposes partial confidentiality risk on local execution, per the CVSS metrics (Low base score, Local attack vector, n...

2.1CVSS7AI score0.04549EPSS
Exploits0References2Affected Software2
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.29 views

reboot.ini-passwds.txt

Date: Fri, 12 Feb 1999 14:34:17 -0800 From: [email protected] To: [email protected] Subject: Microsoft Security Bulletin MS99-005 The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.42 views

backoffice.installer.txt

Date: Thu, 18 Feb 1999 14:44:48 -0800 PST From: CIAC Mail User To: [email protected] Subject: CIAC Bulletin J-030: Microsoft BackOffice Vulnerability For Public Release -----BEGIN PGP SIGNED MESSAGE----- The U.S. Department of Energy Computer Incident Advisory Capability / | /\ / \ |...

7.4AI score
Exploits0
Rows per page
Query Builder