12 matches found
Absolute Form Processor XE-V 1.5 - Remote Change Pasword Exploit
No description provided by source. title Absolute Form Processor XE-V 1.5 Remote Change Pasword /title body bgcolor=FFFFFF text=000000 form name=form1 method=post action=http://www.xigla.com/absolutefp/demo/edituser.asp table width=96% border=0 cellspacing=2 cellpadding=2 align=center tr...
XIGLA Absolute Form Processor XE 1.5 'login.asp' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34463/info Absolute Form Processor XE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker ...
Authentication flaw
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."...
CVE-2009-1504
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."...
CVE-2009-1504
CVE-2009-1504 affects Absolute Form Processor XE 1.5. The vulnerability allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to “lvl=1&userid=1.” This is supported by NVD/NVD-derived details; CVSS metrics indicate network attack, low co...
CVE-2009-1504
Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."...
Absolute Form Processor XE-V 1.5 (Auth Bypass) SQL Injection Vuln
No description provided by source. ----------------------------------------------------- ----------------------------------------------------- Absolute Form Processor XE-V 1.5 auth Bypass Remote Sql Injecion ----------------------------------------------------- Founder: ThE g0bL!NDz Home:...
Absolute Form Processor XE-V 1.5 - Authentication Bypass
Absolute Form Processor XE-V 1.5 - Authentication Bypass ----------------------------------------------------- ----------------------------------------------------- Absolute Form Processor XE-V 1.5 auth Bypass Remote Sql Injecion ----------------------------------------------------- Founder: ThE...
Absolute Form Processor XE 1.5 - login.asp SQL Injection
Absolute Form Processor XE 1.5 - login.asp SQL Injection source: https://www.securityfocus.com/bid/34463/info Absolute Form Processor XE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
CVE-2008-2759
Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...
absolute-screwups.txt
www.BugReport.ir AmnPardaz Security Research Team Title: Xigla Multiple Products - Multiple Vulnerabilities Vendor: http://www.xigla.com/ Exploit: N/A Impact: Medium Fix: N/A Original Advisory: http://bugreport.ir/index.php?/41 1. Description: Xigla company has several web based products From...