CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: QuickerSite Multiple Vulnerabilities Vendor: www.quickersite.com Vulnerable Version: 1.8.5 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/39 1. Description:...

7.1AI score

Exploits0

Prion•added 2009/04/08 10:30 a.m.•14 views

Design/Logic Flaw

asp/bslogin.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to 1 change the admin password via the cSaveAdminPW action; 2 modify site information, such as the contact address, via the saveAdmin; and 3 modify the site design...

7.5CVSS7.4AI score0.02298EPSS

Exploits1References4Affected Software1

Prion•added 2009/04/08 10:30 a.m.•18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via 1 the close parameter to showThumb.aspx; 2 SBredirect and 3 SBfeedback parameters in processsend.asp, as reachable through default.asp; 4 paramCode and 5 cColor...

4.3CVSS6.1AI score0.01718EPSS

Exploits1References6Affected Software1

Prion•added 2009/04/08 10:30 a.m.•9 views

Design/Logic Flaw

QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message...

5CVSS6.6AI score0.03036EPSS

Exploits1References6Affected Software1

Prion•added 2009/04/08 10:30 a.m.•13 views

Sql injection

SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp...

7.5CVSS9.1AI score0.01137EPSS

Exploits0References6Affected Software1

Prion•added 2009/04/08 10:30 a.m.•17 views

Code injection

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter...

5CVSS7.1AI score0.02732EPSS

Exploits0References4Affected Software1

NVD•added 2009/04/08 10:30 a.m.•19 views

CVE-2008-6674

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter...

5CVSS6.6AI score0.02732EPSS

Exploits0References4

NVD•added 2009/04/08 10:30 a.m.•17 views

CVE-2008-6675

4.3CVSS5.8AI score0.01718EPSS

Exploits1References6

NVD•added 2009/04/08 10:30 a.m.•19 views

CVE-2008-6678

7.5CVSS8.3AI score0.01137EPSS

Exploits0References6

NVD•added 2009/04/08 10:30 a.m.•14 views

CVE-2008-6673

7.5CVSS6.8AI score0.02298EPSS

Exploits1References4

NVD•added 2009/04/08 10:30 a.m.•14 views

CVE-2008-6676

QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message...

5CVSS6.1AI score0.03036EPSS

Exploits1References6

NVD•added 2009/04/08 10:30 a.m.•17 views

CVE-2008-6677

Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...

7.5CVSS7.6AI score0.04013EPSS

Exploits1References4

CVE•added 2009/04/08 10:0 a.m.•43 views

CVE-2008-6675

CVE-2008-6675 affects QuickerSite 1.8.5 with multiple reflected XSS vectors. The vulnerabilities arise in (1) showThumb.aspx via the close parameter, (2) process_send.asp via SB_redirect and SB_feedback as reachable through default.asp, (3) picker.asp via paramCode and cColor, and (4) rss.asp via...

4.3CVSS5.9AI score0.01718EPSS

Exploits1References6Affected Software1

CVE•added 2009/04/08 10:0 a.m.•42 views

CVE-2008-6674

CVE-2008-6674 concerns mailPage.asp in QuickerSite 1.8.5 . The vulnerability lets remote attackers flood email accounts by issuing a large number of requests with a modified sEmail parameter. The public records describe this as a parameter tampering/abuse issue leading to message floods, with the...

5CVSS6.8AI score0.02732EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by