20 matches found
EUVD-2012-3767
Malware in sbrugna...
EUVD-2012-3769
Malware in sbrugna...
EUVD-2012-3771
Malware in sbrugna...
EUVD-2012-3770
Malware in sbrugna...
CVE-2012-3821
A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field...
CVE-2012-3821
CVE-2012-3821 affects Arial Software Campaign Enterprise prior to or up to version 11.0.551, with a Security Bypass in the activate.asp page that could allow a remote attacker to modify the SerialNumber field. The trusted impact stated in sources is that this bypass enables unauthorized modificat...
CVE-2012-3824
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization...
CVE-2012-3823
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved...
Authorization
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization...
CVE-2012-3824
CVE-2012-3824 affects Arial Campaign Enterprise prior to version 11.0.551, where multiple pages are accessible without authentication or authorization. The vulnerability is caused by insufficient access controls on web pages, enabling unauthorized viewing of pages. A vendor patch addressing this ...
CVE-2012-3824
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization...
CVE-2012-3823
CVE-2012-3823 affects Arial Campaign Enterprise prior to version 11.0.551. The vulnerability is that passwords are stored in clear text and may be retrieved, leading to potential exposure of user credentials. Impact is confidentiality-related (credentials exposure) with no evidence of integrity/a...
CVE-2012-3822
Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials...
CVE-2012-3820
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the 1 SerialNumber field to activate.asp or 2 UID field to User-Edit.asp...
CVE-2012-3820
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the 1 SerialNumber field to activate.asp or 2 UID field to User-Edit.asp...
Campaign Enterprise 11.0.421 SQLi Vulnerability
No description provided by source. Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Site: http://www.arialsoftware.com Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter i...
Campaign Enterprise <= 11.0.538 Multiple Security Vulnerabilities - Active Check
Campaign Enterprise is prone to multiple security vulnerabilities including: - Multiple security bypass vulnerabilities - Multiple information disclosure vulnerabilities - Multiple SQL injection vulnerabilities SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted fr...
Campaign Enterprise 11.0.421 SQL Injection
Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter in a POST is vulnerable to a boolean based blind SQLi. You must be authenticat...
Campaign Enterprise 11.0.421 - SQL Injection
Campaign Enterprise 11.0.421 - SQL Injection Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Site: http://www.arialsoftware.com Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID...
Campaign Enterprise 11.0.421 - SQL Injection
Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Site: http://www.arialsoftware.com Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter in a POST is vulnerable to a boolean...