44 matches found
EUVD-2008-6640
Malware in sbrugna...
EUVD-2008-6637
Malware in sbrugna...
EUVD-2008-6636
Malware in sbrugna...
EUVD-2007-3924
Malware in sbrugna...
EUVD-2008-6635
Malware in sbrugna...
EUVD-2008-6639
Malware in sbrugna...
quickersite 1.8.5 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: QuickerSite Multiple Vulnerabilities Vendor: www.quickersite.com Vulnerable Version: 1.8.5 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/39 1. Description:...
Design/Logic Flaw
asp/bslogin.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design...
Code injection
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SBredirect and (3) SBfeedback parameters in processsend.asp, as reachable through default.asp; (4) paramCode and (5) cColor...
CVE-2008-6676
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message...
CVE-2008-6677
Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...
CVE-2008-6675
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SBredirect and (3) SBfeedback parameters in processsend.asp, as reachable through default.asp; (4) paramCode and (5) cColor...
CVE-2008-6678
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp...
Design/Logic Flaw
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message...
SQL injection
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp...
CVE-2008-6673
asp/bslogin.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design...
CVE-2008-6674
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter...
CVE-2008-6673
CVE-2008-6673 affects QuickerSite 1.8.5. The issue is an improper access restriction on admin functionality, allowing remote attackers to perform admin actions via unauthenticated requests: (1) change the admin password through cSaveAdminPW, (2) modify site information such as the contact address...