25 matches found
EUVD-2008-5101
Malware in sbrugna...
EUVD-2008-3485
Malware in sbrugna...
EUVD-2009-4440
Malware in sbrugna...
Ektron CMS400.NET Default Password Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ektron CMS400.NET Default Password Scanner', 'Description' = %q Ektron CMS400.NET is a web content management system based on .NET. This module...
Ektron CMS400.NET 7.5.2 Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/39679/info Ektron CMS400.NET is prone to multiple security vulnerabilities, including multiple cross-site scripting issues, an information-disclosure issue, a cookie-manipulation issue, a directory-traversal issue, a...
Ektron CMS400.NET Default Password Scanner
Ektron CMS400.NET is a web content management system based on .NET. This module tests for installations that are utilizing default passwords set by the vendor. Additionally, it has the ability to brute force user accounts. Note that Ektron CMS400.NET, by default, enforces account lockouts for...
Ektron CMS400.NET Default Credentials
It is possible to log into the Ektron CMS400.NET install on the remote host using a default set of credentials. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(46198); script_version("1.12");...
Ektron CMS400.NET Detection
The remote web server hosts Ektron CMS400.NET, a content management software used to create, deploy, and manage websites. # (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(46197); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date",...
Ektron CMS400.NET 'workarea/reterror.aspx' info Parameter XSS
The installed version of Ektron CMS400.NET fails to sanitize user-supplied input to the 'info' parameter in the 'workarea/reterror.aspx' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or...
Ektron CMS400.net TransformXslt Web Service Directory Traversal
The installed version of Ektron CMS400.net ships with a web service that processes untrusted XML data and could allow an attacker to perform XML External Entity (XXE) attacks. Nessus was able to exploit this issue by sending a specially crafted request to the 'TransformXslt' web service, and retrie...
Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities
Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/39679/info Ektron CMS400.NET is prone to multiple security vulnerabilities, including multiple cross-site scripting issues, an information-disclosure issue, a cookie-manipulation issue, a...
Ektron CMS400.NET 7.5.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/39679/info Ektron CMS400.NET is prone to multiple security vulnerabilities, including multiple cross-site scripting issues, an information-disclosure issue, a cookie-manipulation issue, a directory-traversal issue, a security-bypass issue, and a URI...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: so...
CVE-2009-4473
Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: so...
CVE-2009-4473
Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: so...
CVE-2009-4473
CVE-2009-4473: Concrete XSS vulnerabilities in Ektron CMS400.NET (WorkArea/ContentDesigner/ekformsiframe.aspx) due to improper sanitization of user-supplied input. Affects Ektron CMS400.NET versions 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2. Attacker can inject arbitrary script/HTM...
Ektron CMS400.NET id Parameter XSS
The remote web server is hosting the Ektron CMS400.NET content management system. The installed version fails to properly sanitize user-supplied input to the 'id' parameter of the 'ekformsiframe.aspx' script. An attacker, exploiting this flaw, could execute arbitrary script code in the browser of...
CVE-2008-5122
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter...
Sql injection
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter...
CVE-2008-5122
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter...