17 matches found
CVE-2008-6856
Xigla Software Absolute News Manager.NET 5.1 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value...
Information disclosure
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message...
Directory traversal
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. dot dot in the template parameter...
CVE-2007-6268
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. dot dot in the template parameter...
CVE-2007-6270
Multiple cross-site scripting XSS vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the 1 rmore parameter to xlaabsolutenm.aspx and the 2 template parameter to pages/default.aspx...
CVE-2007-6271
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the 1 rmore parameter to xlaabsolutenm.aspx and the 2 template parameter to pages/default.aspx...
CVE-2007-6269
CVE-2007-6269 affects Absolute News Manager.NET 5.1. Multiple SQL injection vulnerabilities exist in xlaabsolutenm.aspx exploitable via the (1) z, (2) pz, (3) ord, and (4) sort parameters. Remote attackers can execute arbitrary SQL commands. CVSS v2 base score 7.5 (HIGH) with network attack vecto...
CVE-2007-6270
Multiple cross-site scripting XSS vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the 1 rmore parameter to xlaabsolutenm.aspx and the 2 template parameter to pages/default.aspx...
CVE-2007-6269
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the 1 z, 2 pz, 3 ord, and 4 sort parameters...
CVE-2007-6268
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. dot dot in the template parameter...
CVE-2007-6270
Absolute News Manager.NET 5.1 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary script or HTML via the rmore parameter in xlaabsolutenm.aspx and the template parameter in pages/default.aspx. The issue arises from unsafely handling u...
CVE-2007-6268
In CVE-2007-6268, Absolute News Manager.NET 5.1 is vulnerable via directory traversal in pages/default.aspx, allowing an attacker to read arbitrary files by manipulating the template parameter (..). The underlying issue is a path traversal in the template parameter; no exploitation details are pr...
CVE-2007-6271
CVE-2007-6271 affects Absolute News Manager.NET 5.1. The vulnerability is an information disclosure: remote attackers can obtain the installation path by requesting getpath.aspx, which leads to an error message revealing path details. The connected sources confirm this specific behavior across mu...
EUVD-2007-6238
Multiple cross-site scripting XSS vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the 1 rmore parameter to xlaabsolutenm.aspx and the 2 template parameter to pages/default.aspx...
ProCheckUp Security Advisory 2007.39
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...