25 matches found
EUVD-2010-0648
Malware in sbrugna...
EUVD-2010-0646
Malware in sbrugna...
EUVD-2010-0645
Malware in sbrugna...
evalSMSI 2.1.3 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38116/info evalSMSI is prone to multiple vulnerabilities, including an authentication-bypass issue, an SQL-Injection issue, and an HTML-Injection issue. Attackers can exploit these issues to gain administrative access to...
EvalSMSI < 2.2.00 Multiple Vulnerabilities
EvalSMSI is prone to multiple vulnerabilities. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
evalSMSI multiple vulnerabilities
This host is running evalSMSI and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbevalsmsimultvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ evalSMSI multiple vulnerabilities Authors: Veerendra GG Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net...
EvalSMSI Detection (HTTP)
HTTP based detection of EvalSMSI. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.800165";...
CVE-2010-0616
evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability...
CVE-2010-0614
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the 1 question action, and possibly the 2 subpar or 3 numquest actions...
CVE-2010-0615
Cross-site scripting XSS vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continueassess action. NOTE: some of these details are obtained from third party information...
Sql injection
evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability...
Sql injection
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the 1 question action, and possibly the 2 subpar or 3 numquest actions...
Cross site scripting
Cross-site scripting XSS vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continueassess action. NOTE: some of these details are obtained from third party information...
CVE-2010-0616
evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability...
CVE-2010-0615
EvalSMSI 2.1.03 contains a Cross‑Site Scripting (XSS) vulnerability in assess.php, exploitable via the reports comment box in the continue_assess action. The issue allows injection of arbitrary web script/HTML. Details indicate a client-side impact with potential partial integrity impact, and the...
CVE-2010-0615
Cross-site scripting XSS vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continueassess action. NOTE: some of these details are obtained from third party information...
CVE-2010-0614
CVE-2010-0614 is a SQL injection in evalSMSI 2.1.03 affecting ajax.php. The vulnerability allows remote attackers to inject SQL through the query parameter in the (1) question action and potentially (2) sub_par or (3) num_quest actions. Documents confirm the affected product/version and the input...
CVE-2010-0614
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the 1 question action, and possibly the 2 subpar or 3 numquest actions...
CVE-2010-0616
EvalSMSI 2.1.03 stores passwords in cleartext in the database, enabling privilege escalation for DB-authenticated attackers; remote vector is possible via a separate SQL injection vulnerability. Affected component: evalSMSI (2.1.03). Root cause: insecure password storage combined with an external...