25 matches found
EUVD-2008-2855
Malware in sbrugna...
EUVD-2008-2857
Malware in sbrugna...
EUVD-2008-2854
Malware in sbrugna...
CVE-2008-2864
eLineStudio Site Composer ESC 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 trigger.asp or 2 common2.asp in cms/include/, which reveals the database path...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in eLineStudio Site Composer ESC 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 topic and 2 button parameters to ansFAQ.asp and the 3 id and 4 txtEmail parameters to login.asp...
CVE-2008-2862
Multiple SQL injection vulnerabilities in eLineStudio Site Composer ESC 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to ansFAQ.asp and the 2 templateid parameter to preview.asp...
Sql injection
Multiple SQL injection vulnerabilities in eLineStudio Site Composer ESC 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to ansFAQ.asp and the 2 templateid parameter to preview.asp...
Path traversal
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer ESC 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to 1 folderdel.asp or 2 foldernew.asp in cms/assetmanager/...
CVE-2008-2863
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer ESC 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to 1 folderdel.asp or 2 foldernew.asp in cms/assetmanager/...
Path traversal
eLineStudio Site Composer ESC 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 trigger.asp or 2 common2.asp in cms/include/, which reveals the database path...
CVE-2008-2861
Multiple cross-site scripting XSS vulnerabilities in eLineStudio Site Composer ESC 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 topic and 2 button parameters to ansFAQ.asp and the 3 id and 4 txtEmail parameters to login.asp...
CVE-2008-2862
Multiple SQL injection vulnerabilities in eLineStudio Site Composer ESC 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to ansFAQ.asp and the 2 templateid parameter to preview.asp...
CVE-2008-2861
The CVE-2008-2861 entry concerns multiple XSS flaws in eLineStudio Site Composer (ESC) prior to or including version 2.6. The vulnerabilities are triggered via the following parameters: topic and button in ansFAQ.asp, and id and txtEmail in login.asp. Attackers could inject arbitrary web script/H...
EUVD-2008-2856
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer ESC 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to 1 folderdel.asp or 2 foldernew.asp in cms/assetmanager/...
CVE-2008-2862
Affected software: eLineStudio Site Composer (ESC) up to version 2.6. Vulnerable components: ansFAQ.asp (id parameter) and preview.asp (template_id parameter)—subject to SQL injection due to improper input handling. Root cause: user input directly used in SQL commands. Impact: remote attackers ca...
CVE-2008-2861
Multiple cross-site scripting XSS vulnerabilities in eLineStudio Site Composer ESC 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 topic and 2 button parameters to ansFAQ.asp and the 3 id and 4 txtEmail parameters to login.asp...
CVE-2008-2864
eLineStudio Site Composer ESC 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 trigger.asp or 2 common2.asp in cms/include/, which reveals the database path...
CVE-2008-2863
CVE-2008-2863 describes multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6. The flaw allows remote attackers to create or delete arbitrary directories via a full pathname supplied in the inpCurrFolder parameter to cms/assetmanager/folderdel_.asp or cms/assetma...
CVE-2008-2864
CVE-2008-2864 affects eLineStudio Site Composer (ESC) versions 2.6 and earlier. The vulnerability allows remote attackers to obtain sensitive information via direct requests to (1) trigger.asp or (2) common2.asp in cms/include/, revealing the database path. Documented impact is exposure of backen...
eLineStudio Site Composer (ESC) <= 2.6 Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: eLineStudio Site Composer ESC =2.6 Multiple Vulnerabilities Vendor: www.elinestudio.com Vulnerable Version: 2.6 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...