213 matches found
LDF SQL Injection
Product : LDF vendor : www.ldf.22.cn Vulnerable Versions : All Default.asp Page has an issue on validating "Page" parameter , It could be exploited by attacker & attacker can inject arbitrary Sql Commands http://www.example.com/ldf path/default.asp?page=SQL COMMAND...
ActiveBids (default.asp) Blind SQL Injection Vulnerability
No description provided by source. ActiveBids default.asp Blind SQL Injection Vulnerability Author : Hussin X Home : www.IQ-TY.com email : [email protected] Vendor : http://www.activewebsoftwares.com Demo : http://server/default.asp?catid=39+and+1=1 true http://server/default.asp?catid=39+and+1=...
ActiveBids (default.asp) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== ActiveBids default.asp Blind SQL Injection Vulnerability ========================================================== ActiveBids default.asp Blind SQL Injection Vulnerability Vendor ...
ActiveBids - 'default.asp' Blind SQL Injection
ActiveBids default.asp Blind SQL Injection Vulnerability Author : Hussin X Home : www.IQ-TY.com email : [email protected] Vendor : http://www.activewebsoftwares.com Demo : http://server/default.asp?catid=39+and+1=1 true http://server/default.asp?catid=39+and+1=0 false :: test ::...
ActiveTrade 2.0 - 'default.asp' Blind SQL Injection
Active Trade 2.0default.asp Blind SQL Injection Vulnerability Author : Hussin X Home : www.IQ-TY.com email : [email protected] Vendor : http://www.activewebsoftwares.com Demo : http://server/default.asp?catid=39+and+1=1 true http://server/default.asp?catid=39+and+1=0 false Greetz : WwW.IQ-ty.CoM...
ActiveTrade 2.0 - default.asp Blind SQL Injection
ActiveTrade 2.0 - default.asp Blind SQL Injection Active Trade 2.0default.asp Blind SQL Injection Vulnerability Author : Hussin X Home : www.IQ-TY.com email : [email protected] Vendor : http://www.activewebsoftwares.com Demo : http://server/default.asp?catid=39+and+1=1 true...
ActiveBids - default.asp Blind SQL Injection
ActiveBids - default.asp Blind SQL Injection ActiveBids default.asp Blind SQL Injection Vulnerability Author : Hussin X Home : www.IQ-TY.com email : [email protected] Vendor : http://www.activewebsoftwares.com Demo : http://server/default.asp?catid=39+and+1=1 true...
WoDig社区程序Default.asp页面过滤不严导致SQL注入漏洞
WODIG是一套经过完善设计的中文DIGG社区开源程序,是Windows NT服务环境下DIGG社区程序的最佳解决方案。 在文件Default.asp中: tagsname = Request"tagsname" //第33行 …… %Call Default.GetMainPP"Default.asp"% //第157行 GetMainPP过程在文件wolib/ clsclass.asp中: Public Sub GetMainPPpageurl //第827行 …… if tagsname "" then //第839行 Sql = Sql & " and SrcID inSelec...
Simbas CMS 2.0 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. ----------------------------------------------------- ----------------------------------------------------- Simbas Content Management System auth Bypass Remote Sql Injecion ----------------------------------------------------- Founder: ThE g0bL!NDz Home:...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via 1 the close parameter to showThumb.aspx; 2 SBredirect and 3 SBfeedback parameters in processsend.asp, as reachable through default.asp; 4 paramCode and 5 cColor...
CVE-2008-6675
Multiple cross-site scripting XSS vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via 1 the close parameter to showThumb.aspx; 2 SBredirect and 3 SBfeedback parameters in processsend.asp, as reachable through default.asp; 4 paramCode and 5 cColor...
Sql injection
Multiple SQL injection vulnerabilities in Shader TV Beta allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to 1 kanal.asp, 2 google.asp, and 3 hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the 4 username or 5...
CVE-2008-6389
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6369
The CVE-2008-6369 entry concerns a SQL injection in Ocean12 Contact Manager Pro 1.02. The affected component is default.asp, where the Sort parameter enables remote attackers to execute arbitrary SQL commands. The language in the connected records confirms the vulnerability class and affected pro...
CVE-2008-6389
The CVE-2008-6389 entry concerns a SQL injection in Rae Media Contact Management Software (SOHO, Standard, Enterprise) via asadmin/default.asp, exploited through the Password parameter. Root cause: improper handling of input in the Password field leads to arbitrary SQL execution by remote attacke...
CVE-2008-6389
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6257
OpenASP 3.0 and earlier are affected by a SQL injection in default.asp (pages module) via the idpage parameter, allowing remote execution of arbitrary SQL commands. Root cause: unsafe SQL construction in the pages module. Affected: Openasp 3.0 and earlier. CVSS indicates high impact with partial ...
Sql injection
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
Sql injection
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to 1 default.asp and 2 sedit.asp...
CVE-2008-5979
CVE-2008-5979 describes a cross-site scripting (XSS) vulnerability in default.asp of Ocean12 Mailing List Manager Gold. The flaw allows remote attackers to inject arbitrary web script or HTML via the Email parameter, enabling potential session hijacking or defacement depending on the context and ...