4242 matches found
ASP-Dev XM Event Diary Multiple Vulnerabilities
The host is running ASP-Dev XM Events Diary and prone to multiple vulnerabilities. Vulnerabilities Insight: - Input passed to the 'cat' parameter in 'default.asp' and 'diaryviewC.asp' are not properly sanitised before being used in SQL queries. - Insufficient access control to the database file...
Sql injection
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...
CVE-2008-5925
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...
Sql injection
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Improper access control
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...
CVE-2008-5926
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the 1 login parameter aka user field or the 2 password parameter aka pass field. NOTE: some of these details are obtained from third party information...
CVE-2008-5924
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the 1 login parameter aka user field or the 2 password parameter aka pass field. NOTE: some of these details are obtained from third party information...
CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...
CVE-2008-5926
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the 1 login parameter aka user field or the 2 password parameter aka pass field. NOTE: some of these details are obtained from third party information...
CVE-2008-5926
CVE-2008-5926 affects the ASP-DEv Internal E-Mail System, where multiple SQL injection flaws exist in login.asp that allow remote attackers to alter the database by manipulating the login (user) or password fields. The NVD entry reports a base score of 7.5 (HIGH) with network access and LOW attac...
CVE-2008-5924
ASP-Dev XM Event Diary is affected by CVE-2008-5924, a SQL injection in diary_viewC.asp that allows remote attackers to execute arbitrary SQL commands via the cat parameter. The OpenVAS entry corroborates multiple vulnerabilities in the same product, including improper sanitisation of input used ...
CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...
CVE-2008-5924
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-5925
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...
CVE-2008-5923
CVE-2008-5923 affects ASP-Dev XM Events Diary (Web app). OpenVAS/OpenVAS-derived data show SQL injection in default.asp (and diary_viewC.asp) where user-supplied input passed to SQL queries via the cat parameter, enabling remote attackers to execute arbitrary SQL. Additional context notes insuffi...
CVE-2008-5925
ASP-Dev XM Events Diary has a partial-access control weakness that exposes the diary.mdb database under the web root, allowing remote retrieval via a direct request. Affected component is the diary database/file handling within the web app; underlying issue is insufficient access control leading ...
CVE-2008-5744
Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...
ASP-DEV Internal E-Mail System SQL Injection
--------------------------------------------------------- Portal Name: Internal E-Mail System Vendor : http://asp-dev.com/main.asp?page=41 Download : http://asp-dev.com/download.asp?did=4 Author : PouyaServer , [email protected] Vulnerability : Auth Bypass SQL Injection Vulnerability...
ASP-DEV Internal E-Mail System (Auth Bypass) SQL Injection Vuln
No description provided by source. --------------------------------------------------------- Portal Name: Internal E-Mail System Vendor : http://asp-dev.com/main.asp?page=41 Download : http://asp-dev.com/download.asp?did=4 Author : PouyaServer , [email protected] Vulnerability : Auth Bypass...