CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

seebug.org•added 2007/01/05 12:0 a.m.•19 views

TaskTracker Customize.ASP管理员未授权访问漏洞

TaskTracker是一款基于ASP的WEB应用程序。 TaskTracker不正确过滤用户提交的输入，远程攻击者可以利用漏洞未授权访问应用程序。问题是'Customize.ASP'脚本对用户提交的WEB参数缺少过滤，提交恶意参数可绕过验证以管理员权限访问应用系统。 Geckovich TaskTracker Pro 1.5 Geckovich TaskTracker 1.4 前没有解决方案提供： http://www.geckovich.com/default.asp?display=tasktracker...

7.1AI score

Exploits0

Prion•added 2007/01/04 11:28 a.m.•13 views

Design/Logic Flaw

Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp...

7.5CVSS7.2AI score0.07011EPSS

Exploits1References5Affected Software2

NVD•added 2007/01/04 11:28 a.m.•9 views

CVE-2007-0049

Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp...

7.5CVSS6.7AI score0.07011EPSS

Exploits1References5

Cvelist•added 2007/01/04 11:0 a.m.•13 views

CVE-2007-0049

Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp...

6.7AI score0.07011EPSS

Exploits1References5

CVE•added 2007/01/04 11:0 a.m.•45 views

CVE-2007-0049

Geckovich TaskTracker Pro 1.5 and earlier is affected by CVE-2007-0049. The vulnerability allows remote attackers to add administrative or other accounts by sending a direct request to Customize.asp with a modified GroupID in the Add action. The described impact is the ability to create extra acc...

7.5CVSS6.7AI score0.07011EPSS

Exploits1References5Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by