XIGLA Absolute Form Processor XE 1.5 'login.asp' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34463/info Absolute Form Processor XE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker ...

Absolute Form Processor XE-V 1.5 - Remote Change Pasword Exploit

No description provided by source. title Absolute Form Processor XE-V 1.5 Remote Change Pasword /title body bgcolor=FFFFFF text=000000 form name=form1 method=post action=http://www.xigla.com/absolutefp/demo/edituser.asp table width=96% border=0 cellspacing=2 cellpadding=2 align=center tr...

CVE-2009-1504

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."...

Authentication flaw

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."...

CVE-2009-1504

Absolute Form Processor XE 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to "lvl=1&userid=1."...

CVE-2009-1504

CVE-2009-1504 affects Absolute Form Processor XE 1.5. The vulnerability allows remote attackers to bypass authentication and gain administrative access by setting the xlaAFPadmin cookie to “lvl=1&userid=1.” This is supported by NVD/NVD-derived details; CVSS metrics indicate network attack, low co...

Absolute Form Processor XE-V 1.5 (Auth Bypass) SQL Injection Vuln

No description provided by source. ----------------------------------------------------- ----------------------------------------------------- Absolute Form Processor XE-V 1.5 auth Bypass Remote Sql Injecion ----------------------------------------------------- Founder: ThE g0bL!NDz Home:...

Absolute Form Processor XE 1.5 - login.asp SQL Injection

Absolute Form Processor XE 1.5 - login.asp SQL Injection source: https://www.securityfocus.com/bid/34463/info Absolute Form Processor XE is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...

Absolute Form Processor XE-V 1.5 - Authentication Bypass

Absolute Form Processor XE-V 1.5 - Authentication Bypass ----------------------------------------------------- ----------------------------------------------------- Absolute Form Processor XE-V 1.5 auth Bypass Remote Sql Injecion ----------------------------------------------------- Founder: ThE...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...

CVE-2008-2759

Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...

absolute-screwups.txt

www.BugReport.ir AmnPardaz Security Research Team Title: Xigla Multiple Products - Multiple Vulnerabilities Vendor: http://www.xigla.com/ Exploit: N/A Impact: Medium Fix: N/A Original Advisory: http://bugreport.ir/index.php?/41 1. Description: Xigla company has several web based products From...