18 matches found
EUVD-2008-5893
Malware in sbrugna...
EUVD-2008-5894
Malware in sbrugna...
CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...
CVE-2008-5925
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...
ASP-DEV XM Events Diary 'cat' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32809/info ASP-DEV XM Events Diary is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Sql injection
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...
Sql injection
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Improper access control
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...
CVE-2008-5924
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...
CVE-2008-5924
ASP-Dev XM Event Diary is affected by CVE-2008-5924, a SQL injection in diary_viewC.asp that allows remote attackers to execute arbitrary SQL commands via the cat parameter. The OpenVAS entry corroborates multiple vulnerabilities in the same product, including improper sanitisation of input used ...
CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter...
CVE-2008-5923
CVE-2008-5923 affects ASP-Dev XM Events Diary (Web app). OpenVAS/OpenVAS-derived data show SQL injection in default.asp (and diary_viewC.asp) where user-supplied input passed to SQL queries via the cat parameter, enabling remote attackers to execute arbitrary SQL. Additional context notes insuffi...
CVE-2008-5925
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb...
CVE-2008-5924
SQL injection vulnerability in diaryviewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-5925
ASP-Dev XM Events Diary has a partial-access control weakness that exposes the diary.mdb database under the web root, allowing remote retrieval via a direct request. Affected component is the diary database/file handling within the web app; underlying issue is insufficient access control leading ...
ASP-DEV XM Events Diary - cat SQL Injection
ASP-DEV XM Events Diary - cat SQL Injection source: https://www.securityfocus.com/bid/32809/info ASP-DEV XM Events Diary is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
ASP-DEV XM Events Diary - 'cat' SQL Injection
source: https://www.securityfocus.com/bid/32809/info ASP-DEV XM Events Diary is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access...