104 matches found
CVE-2008-1548
Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp...
CVE-2008-1548
CVE-2008-1548 describes multiple XSS vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 within Eagle Software’s Aries Student Information System. The issues allow remote attackers to inject arbitrary web script or HTML via (1) the UserName parameter to loginproc.asp and (2) the usr parame...
CVE-2008-1548
Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp...
CVE-2008-1549
Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different...
CVE-2008-1549
CVE-2008-1549 documents multiple SQL injection vulnerabilities in Eagle Software’s Aeries Browser Interface (ABI) 3.8.3.14 within the Aries Student Information System. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the GrdBk parameter to GradebookOptions.asp and ...
aeries-sqlxss.txt
Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...
aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...
[SECURITY] Fedora 7 Update: viewvc-1.0.5-1.fc7
ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...
SQL injection
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp...
SQL injection
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter...
CVE-2008-0942
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter...
CVE-2008-0941
Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event...
CVE-2008-0941
Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event...
CVE-2008-0943
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp...
CVE-2008-0941
The vulnerability CVE-2008-0941 affects Eagle Software Aeries Browser Interface (ABI) 3.8.2.8. It is a Cross-site Scripting (XSS) flaw that allows remote authenticated users to inject arbitrary web script or HTML via an event. The NVD entry lists a base score of 4.3 (Medium) with vector AV:N/AC:M...
aeries-sql.txt
Discovered By : Arsalan Emamjomehkashan [email protected] aeries browser interface 3.7.2.2 SQL Injection Website:http://aeries.com/ Demo:you can test it on http://demo.aeries.com/abi/ Comments.asp?&FC=SQL Labels.asp?&Term=SQL ClassList.asp&Term=SQL -------------------------------- Aria-Security...
aeries browser interface(ABI) 3.7.2.2 Remote SQL Injection
Discovered By : Arsalan Emamjomehkashan [email protected] aeries browser interface 3.7.2.2 SQL Injection Website:http://aeries.com/ Demo:you can test it on http://demo.aeries.com/abi/ Comments.asp?&FC=SQL Labels.asp?&Term=SQL ClassList.asp&Term=SQL -------------------------------- Aria-Security...
aeries browser interface(ABI) 3.8.2.8 Remote SQL Injection
Discovered By : Arsalan Emamjomehkashan [email protected] aeries browser interfaceABI 3.8.2.8 Remote SQL Injection Website:http://aeries.com/ GradebookStuScores.asp?GrdBk=SQL -------------------------- Aria-Security Team httP://Aria-Security.Net...
aeries browser interface(ABI) 3.8.2.8 XSS
Discovered By : Arsalan Emamjomehkashan [email protected] aeries browser interfaceABI 3.8.2.8 XSS Website:http://aeries.com/ Login on it add a new event with scriptalert"xss/script and it will work each time you load your homepage -------------------------------- Aria-Security Team...
CVE-2007-6517
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information...