IISProtect 2.1/2.2 Web Administration Interface SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. Successful exploitation could result in...

IISProtect 2.1/2.2 Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7661/info http://www.example.com/%70rotected/secret.html http://www.example.com/protected%2fsecret.html...

IIS iisprotect 未设置密码

No description provided by source...

CVE-2003-0317

iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters...

CVE-2003-0377

SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP...

CVE-2003-0377

SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP...

CVE-2003-0377

The CVE-2003-0377 entry concerns iisPROTECT (versions 2.2-r4 and earlier) and is triggered by an SQL injection in the web-based administration interface. The root cause is a vulnerability in how certain variables, notably GroupName on SiteAdmin.ASP, are processed, enabling remote attackers to inj...

iisPROTECT Unpassworded Administrative Interface

The remote host is running iisprotect, an IIS add-on to protect the pages served by this server. However, the administration module of this interface has not been password protected. As a result, an attacker may perform administrative tasks without any authentication. %NASLMINLEVEL 70300 C Tenabl...

iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection

The remote host is running iisPROTECT, an IIS add-on to protect the pages served by this server. There is a bug in the remote version of iisPROTECT that may allow an attacker with the ability to browse the administrative interface to execute arbitrary commands through SQL injection on this host...

iisPROTECT Encoded URL Authentication Bypass

The remote host is running iisPROTECT, an IIS add-on to protect pages served by the web server. iisPROTECT is affected by an authentication bypass vulnerability due to a failure to recognize basic URL encoding. A remote attacher can exploit this, via hex-encoding requested URLs, to read sensitive...

CVE-2003-0317

iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters...

CVE-2003-0317

The CVE-2003-0317 issue affects iisPROTECT 2.1 and 2.2, where a remote attacker can bypass authentication by sending URL-encoded (including hex-encoded) HTTP requests. The root cause is a failure to recognize basic URL encoding, enabling access to protected pages/directories. Documented impact is...

IISProtect 2.12.2 - Web Administration Interface SQL Injection

IISProtect 2.12.2 - Web Administration Interface SQL Injection source: https://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. Successful...

IISProtect 2.1/2.2 - Web Administration Interface SQL Injection

source: https://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. Successful exploitation could result in a compromise of the IISProtect...

iisPROTECT SQL injection in admin interface

Release Date: 23.05.2003 Application: iisPROTECT v/2.2-r4 and probably earlier versions Vendor: iisPROTECT 536, 425 Carrall St. Vancouver, BC, V6B6E3, Canada http://www.iisprotect.com/ Category: SQL injection in admin interface Risk: Medium-High Impact: Arbitrary command execution Vendor Status:...

iDEFENSE Security Advisory 2003-05-22.t

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 05.22.03: http://www.idefense.com/advisory/05.22.03.txt Authentication Bypass in iisPROTECT May 22, 2003 I. BACKGROUND iisPROTECT is designed to provide password protection to web directories similar to the htaccess method...

IISProtect 2.1/2.2 - Authentication Bypass

source: https://www.securityfocus.com/bid/7661/info http://www.example.com/%70rotected/secret.html http://www.example.com/protected%2fsecret.html...

IISProtect 2.12.2 - Authentication Bypass

IISProtect 2.12.2 - Authentication Bypass source: https://www.securityfocus.com/bid/7661/info http://www.example.com/%70rotected/secret.html http://www.example.com/protected%2fsecret.html...